CVE-2019-8999

{"id": "CVE-2019-8999", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-04-18T17:29:01.430", "references": [{"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000056241", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "secure@blackberry.com"}, {"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000056241", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account."}, {"lang": "es", "value": "Una vulnerabilidad de entidad externa XML en el UEM Core de BlackBerry UEM anterior a la versi\u00f3n 12.10.1a podr\u00eda permitir a un atacante conseguir acceso de lectura a archivos en cualquier sistema accesible por la cuenta de servicio UEM."}], "lastModified": "2024-11-21T04:50:47.383", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88290FA0-8A95-44CA-9094-DD0470A84C5F", "versionEndIncluding": "12.10.1a"}], "operator": "OR"}]}], "sourceIdentifier": "secure@blackberry.com"}