CVE-2023-21521
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An SQL Injection vulnerability in the Management Console (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.
¿Una vulnerabilidad de inyección SQL en la Consola de Administración? (Operator Audit Trail) de BlackBerry AtHoc versión 7.15 podría permitir a un atacante leer potencialmente datos confidenciales de la base de datos, modificar datos de la base de datos (Insertar/Actualizar/Eliminar), ejecutar operaciones de administración en la base de datos, recuperar el contenido de un archivo determinado presente en el sistema de archivos DBMS y, en algunos casos, emitir comandos al sistema operativo.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2022-11-17 CVE Reserved
- 2023-09-12 CVE Published
- 2024-09-18 EPSS Updated
- 2024-09-26 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.blackberry.com/kb/articleDetail?articleNumber=000112406 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Blackberry Search vendor "Blackberry" | Athoc Search vendor "Blackberry" for product "Athoc" | 7.15 Search vendor "Blackberry" for product "Athoc" and version "7.15" | - |
Affected
| ||||||