CVE-2019-8999
https://notcve.org/view.php?id=CVE-2019-8999
An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.
• http://support.blackberry.com/kb/articleDetail?articleNumber=000056241
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2019-8997
https://notcve.org/view.php?id=CVE-2019-8997
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field.
• https://github.com/nxkennedy/CVE-2019-8997
• http://support.blackberry.com/kb/articleDetail?articleNumber=000047227
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2018-8892
https://notcve.org/view.php?id=CVE-2018-8892
A cross-site request forgery (CSRF) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to make modifications to the UEM settings in the context of a Management Console administrator.
• http://support.blackberry.com/kb/articleDetail?articleNumber=000054162
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2018-8888
https://notcve.org/view.php?id=CVE-2018-8888
A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
• http://support.blackberry.com/kb/articleDetail?articleNumber=000054162
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-8891
https://notcve.org/view.php?id=CVE-2018-8891
Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
• http://support.blackberry.com/kb/articleDetail?articleNumber=000054162
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')