CVE-2019-8999

HIGH

BlackBerry Unified Endpoint Management < 12.10.1a - XML External Entity Injection

Title source: llm
STIX 2.1

Description

An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.

References (1)

Core 1
Core References
Mitigation, Patch, Vendor Advisory x_refsource_misc
http://support.blackberry.com/kb/articleDetail?articleNumber=000056241

Scores

CVSS v3 7.5
EPSS 0.0149
EPSS Percentile 70.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-611
Status published
Products (1)
blackberry/unified_endpoint_management < 12.10.1a
Published Apr 18, 2019
Tracked Since Feb 18, 2026