CVE-2019-8999
Published Apr 18, 2019
Last updated 6 years ago
Overview
- Description
- An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.
- Source
- secure@blackberry.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-611
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "88290FA0-8A95-44CA-9094-DD0470A84C5F",
"versionEndIncluding": "12.10.1a"
}
],
"operator": "OR"
}
]
}
]