CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51723 – Vulnerability in Management Console Impacts BlackBerry AtHoc
https://notcve.org/view.php?id=CVE-2024-51723
25 Nov 2024 — A Stored Cross-Site Scripting (XSS) vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow an attacker to potentially execute actions in the context of the victim's session. • https://support.blackberry.com/pkb/s/article/140250 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21520
https://notcve.org/view.php?id=CVE-2023-21520
12 Sep 2023 — A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization. Una Enumeración de PII mediante Recuperación de Credenciales en el Autoservicio (Recuperación de Credenciales) de BlackBerry AtHoc versión 7.15 podría permitir a un atacante asociar potencialmente una lista de detalles de contacto con una organización AtHoc IWS. A PII Enumeration via Cre... • https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21523
https://notcve.org/view.php?id=CVE-2023-21523
12 Sep 2023 — A Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account. Una vulnerabilidad de Cross-site Scripting (XSS) almacenado en la Consola de Administración (Administración de Usuarios y Alertas) de BlackBerry AtHoc versión 7.15 podría permitir a un atacante ejecutar comandos de script en el contexto de la cuenta de usuario afectada. • https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21522
https://notcve.org/view.php?id=CVE-2023-21522
12 Sep 2023 — A Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account. Una vulnerabilidad de Cross-site Scripting (XSS) Reflejada en la Consola de Administración (informes) de BlackBerry AtHoc versión 7.15 podría permitir a un atacante controlar potencialmente el script que se eje... • https://support.blackberry.com/kb/articleDetail?articleNumber=000112406 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-21521
https://notcve.org/view.php?id=CVE-2023-21521
12 Sep 2023 — An SQL Injection vulnerability in the Management Console (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. ¿Una vulnerabilidad de inyección SQL en la Consola de Administración? (Operator Audit Trail) de Bla... • https://support.blackberry.com/kb/articleDetail?articleNumber=000112406 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •