CVE-2021-22153

HIGH

Blackberry Unified Endpoint Management - Remote Code Execution

Title source: rule

Description

A Remote Code Execution vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially cause the spreadsheet application to run commands on the victim’s local machine with the authority of the user.

References (1)

[Vendor Advisory] https://support.blackberry.com/kb/articleDetail?articleNumber=000078971

Scores

CVSS v3 7.3

EPSS 0.0065

EPSS Percentile 71.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-1236

Status published

Products (4)

blackberry/unified_endpoint_management 12.12.1a quick_fix_1 (6 CPE variants)

blackberry/unified_endpoint_management 12.13.0 (2 CPE variants)

blackberry/unified_endpoint_management 12.13.1 quick_fix_1 (2 CPE variants)

blackberry/unified_endpoint_management < 12.12.0

Published May 13, 2021

Tracked Since Feb 18, 2026