Vulnerability-Lookup

CVE-2023-21522 (GCVE-0-2023-21522)

Vulnerability from cvelistv5 – Published: 2023-09-12 18:29 – Updated: 2024-09-25 20:02

Summary

A Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account.

Severity

No CVSS data available.

Assigner

blackberry

References

1 reference

URL	Tags
https://support.blackberry.com/kb/articleDetail?a…

Impacted products

1 product

Vendor	Product	Version
BlackBerry	AtHoc	Affected: 7.15

Date Public

2023-09-12 18:28

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:44:01.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112406"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21522",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T20:02:04.289728Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T20:02:13.197Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AtHoc",
          "vendor": "BlackBerry",
          "versions": [
            {
              "status": "affected",
              "version": "7.15"
            }
          ]
        }
      ],
      "datePublic": "2023-09-12T18:28:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim\u0027s browser then they can execute script commands in the context of the affected user account.\u0026nbsp;"
            }
          ],
          "value": "\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim\u0027s browser then they can execute script commands in the context of the affected user account.\u00a0"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-12T19:50:40.805Z",
        "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "shortName": "blackberry"
      },
      "references": [
        {
          "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112406"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
    "assignerShortName": "blackberry",
    "cveId": "CVE-2023-21522",
    "datePublished": "2023-09-12T18:29:24.729Z",
    "dateReserved": "2022-11-17T22:40:09.108Z",
    "dateUpdated": "2024-09-25T20:02:13.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-21522",
      "date": "2026-05-30",
      "epss": "0.00721",
      "percentile": "0.72819"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:blackberry:athoc:7.15:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7D7D98E8-462C-40B1-8106-B361BAF3448B\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"\\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim\u0027s browser then they can execute script commands in the context of the affected user account.\\u00a0\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de Cross-site Scripting (XSS) Reflejada en la Consola de Administraci\\u00f3n (informes) de BlackBerry AtHoc versi\\u00f3n 7.15 podr\\u00eda permitir a un atacante controlar potencialmente el script que se ejecuta en el navegador de la v\\u00edctima y luego puede ejecutar comandos de script en el contexto del sitio afectado cuenta de usuario.\"}]",
      "id": "CVE-2023-21522",
      "lastModified": "2024-11-21T07:43:00.303",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}]}",
      "published": "2023-09-12T19:15:36.153",
      "references": "[{\"url\": \"https://support.blackberry.com/kb/articleDetail?articleNumber=000112406\", \"source\": \"secure@blackberry.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.blackberry.com/kb/articleDetail?articleNumber=000112406\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@blackberry.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-21522\",\"sourceIdentifier\":\"secure@blackberry.com\",\"published\":\"2023-09-12T19:15:36.153\",\"lastModified\":\"2024-11-21T07:43:00.303\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"\\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim\u0027s browser then they can execute script commands in the context of the affected user account.\u00a0\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Cross-site Scripting (XSS) Reflejada en la Consola de Administraci\u00f3n (informes) de BlackBerry AtHoc versi\u00f3n 7.15 podr\u00eda permitir a un atacante controlar potencialmente el script que se ejecuta en el navegador de la v\u00edctima y luego puede ejecutar comandos de script en el contexto del sitio afectado cuenta de usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:blackberry:athoc:7.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D7D98E8-462C-40B1-8106-B361BAF3448B\"}]}]}],\"references\":[{\"url\":\"https://support.blackberry.com/kb/articleDetail?articleNumber=000112406\",\"source\":\"secure@blackberry.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.blackberry.com/kb/articleDetail?articleNumber=000112406\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.blackberry.com/kb/articleDetail?articleNumber=000112406\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T09:44:01.217Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-21522\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-25T20:02:04.289728Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-25T20:02:07.877Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"affected\": [{\"vendor\": \"BlackBerry\", \"product\": \"AtHoc\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.15\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2023-09-12T18:28:00.000Z\", \"references\": [{\"url\": \"https://support.blackberry.com/kb/articleDetail?articleNumber=000112406\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"\\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim\u0027s browser then they can execute script commands in the context of the affected user account.\\u00a0\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim\u0027s browser then they can execute script commands in the context of the affected user account.\u0026nbsp;\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"dbe78b00-5e7b-4fda-8748-329789ecfc5c\", \"shortName\": \"blackberry\", \"dateUpdated\": \"2023-09-12T19:50:40.805Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-21522\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-25T20:02:13.197Z\", \"dateReserved\": \"2022-11-17T22:40:09.108Z\", \"assignerOrgId\": \"dbe78b00-5e7b-4fda-8748-329789ecfc5c\", \"datePublished\": \"2023-09-12T18:29:24.729Z\", \"assignerShortName\": \"blackberry\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2023-21522

Vulnerability from fkie_nvd - Published: 2023-09-12 19:15 - Updated: 2024-11-21 07:43

Severity

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	secure@blackberry.com	https://support.blackberry.com/kb/articleDetail?articleNumber=000112406	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.blackberry.com/kb/articleDetail?articleNumber=000112406	Vendor Advisory

Impacted products

	Vendor	Product	Version
	blackberry	athoc	7.15

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:blackberry:athoc:7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D7D98E8-462C-40B1-8106-B361BAF3448B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim\u0027s browser then they can execute script commands in the context of the affected user account.\u00a0"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Cross-site Scripting (XSS) Reflejada en la Consola de Administraci\u00f3n (informes) de BlackBerry AtHoc versi\u00f3n 7.15 podr\u00eda permitir a un atacante controlar potencialmente el script que se ejecuta en el navegador de la v\u00edctima y luego puede ejecutar comandos de script en el contexto del sitio afectado cuenta de usuario."
    }
  ],
  "id": "CVE-2023-21522",
  "lastModified": "2024-11-21T07:43:00.303",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-12T19:15:36.153",
  "references": [
    {
      "source": "secure@blackberry.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112406"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112406"
    }
  ],
  "sourceIdentifier": "secure@blackberry.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-3HCC-49C8-3MWC

Vulnerability from github – Published: 2023-09-12 21:30 – Updated: 2024-04-04 07:38

Details

Severity

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-21522"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-12T19:15:36Z",
    "severity": "MODERATE"
  },
  "details": "\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim\u0027s browser then they can execute script commands in the context of the affected user account.\u00a0",
  "id": "GHSA-3hcc-49c8-3mwc",
  "modified": "2024-04-04T07:38:22Z",
  "published": "2023-09-12T21:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21522"
    },
    {
      "type": "WEB",
      "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112406"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-21522

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-21522

Aliases

CVE-2023-21522

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-21522",
    "id": "GSD-2023-21522"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-21522"
      ],
      "details": "\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim\u0027s browser then they can execute script commands in the context of the affected user account.\u00a0",
      "id": "GSD-2023-21522",
      "modified": "2023-12-13T01:20:25.232584Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@blackberry.com",
        "ID": "CVE-2023-21522",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "AtHoc",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "7.15"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "BlackBerry"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim\u0027s browser then they can execute script commands in the context of the affected user account.\u00a0"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112406",
            "refsource": "MISC",
            "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112406"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:blackberry:athoc:7.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@blackberry.com",
          "ID": "CVE-2023-21522"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim\u0027s browser then they can execute script commands in the context of the affected user account.\u00a0"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112406",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000112406"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2023-09-15T13:48Z",
      "publishedDate": "2023-09-12T19:15Z"
    }
  }
}

WID-SEC-W-2023-2321

Vulnerability from csaf_certbund - Published: 2023-09-12 22:00 - Updated: 2023-09-12 22:00

Summary

BlackBerry AtHoc Server: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Blackberry stellt mobile Endgeräte sowie zugehörige Management-Tools zur Verfügung

Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in BlackBerry AtHoc Server ausnutzen, um Informationen offenzulegen, SQL-Injection-Angriffe durchzuführen und Cross-Site-Scripting-Angriffe zu starten.

Betroffene Betriebssysteme: - Blackberry

CVE-2023-21523

In der BlackBerry AtHoc Management Console existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgemäß überprüft, bevor sie an den Benutzer zurückgegeben werden. Ein entfernter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
BlackBerry BlackBerry AtHoc Server 7.15 BlackBerry	`cpe:/o:blackberry:blackberry_os:7.15::athoc_server`	—

CVE-2023-21522

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
BlackBerry BlackBerry AtHoc Server 7.15 BlackBerry	`cpe:/o:blackberry:blackberry_os:7.15::athoc_server`	—

CVE-2023-21521

Es existiert eine SQL-Injection Schwachstelle in der BlackBerry AtHoc Management Console. Ein Angreifer kann dadurch Informationen in der Datenbank offenlegen oder manipulieren. Zur Ausnutzung ist entweder eine Nutzeraktion oder eine Authentisierung erforderlich.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
BlackBerry BlackBerry AtHoc Server 7.15 BlackBerry	`cpe:/o:blackberry:blackberry_os:7.15::athoc_server`	—

CVE-2023-21520

Es besteht eine Schwachstelle in BlackBerry AtHoc in der Self Service-Komponente. Kontowiederherstellungsformulare zeigen an, ob eine bestimmte Telefonnummer oder E-Mail-Adresse gefunden wurde. Ein authentifizierter Angreifer kann dies ausnutzen, um Informationen über Benutzerkonten abzufragen.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
BlackBerry BlackBerry AtHoc Server 7.15 BlackBerry	`cpe:/o:blackberry:blackberry_os:7.15::athoc_server`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://support.blackberry.com/kb/articleDetail?l…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Blackberry stellt mobile Endger\u00e4te sowie zugeh\u00f6rige Management-Tools zur Verf\u00fcgung",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in BlackBerry AtHoc Server ausnutzen, um Informationen offenzulegen, SQL-Injection-Angriffe durchzuf\u00fchren und Cross-Site-Scripting-Angriffe zu starten.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Blackberry",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2321 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2321.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2321 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2321"
      },
      {
        "category": "external",
        "summary": "BlackBerry Security Advisory BSRT-2023-001 vom 2023-09-12",
        "url": "https://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000112406"
      }
    ],
    "source_lang": "en-US",
    "title": "BlackBerry AtHoc Server: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-09-12T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:58:18.688+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2321",
      "initial_release_date": "2023-09-12T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-09-12T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "BlackBerry BlackBerry AtHoc Server 7.15",
            "product": {
              "name": "BlackBerry BlackBerry AtHoc Server 7.15",
              "product_id": "T029803",
              "product_identification_helper": {
                "cpe": "cpe:/o:blackberry:blackberry_os:7.15::athoc_server"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "BlackBerry"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-21523",
      "notes": [
        {
          "category": "description",
          "text": "In der BlackBerry AtHoc Management Console existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T029803"
        ]
      },
      "release_date": "2023-09-12T22:00:00.000+00:00",
      "title": "CVE-2023-21523"
    },
    {
      "cve": "CVE-2023-21522",
      "notes": [
        {
          "category": "description",
          "text": "In der BlackBerry AtHoc Management Console existieren mehrere Cross-Site Scripting Schwachstellen. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter Angreifer kann durch Ausnutzung dieser Schwachstellen beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T029803"
        ]
      },
      "release_date": "2023-09-12T22:00:00.000+00:00",
      "title": "CVE-2023-21522"
    },
    {
      "cve": "CVE-2023-21521",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine SQL-Injection Schwachstelle in der BlackBerry AtHoc Management Console. Ein Angreifer kann dadurch Informationen in der Datenbank offenlegen oder manipulieren. Zur Ausnutzung ist entweder eine Nutzeraktion oder eine Authentisierung erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T029803"
        ]
      },
      "release_date": "2023-09-12T22:00:00.000+00:00",
      "title": "CVE-2023-21521"
    },
    {
      "cve": "CVE-2023-21520",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in BlackBerry AtHoc in der Self Service-Komponente. Kontowiederherstellungsformulare zeigen an, ob eine bestimmte Telefonnummer oder E-Mail-Adresse gefunden wurde. Ein authentifizierter Angreifer kann dies ausnutzen, um Informationen \u00fcber Benutzerkonten abzufragen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T029803"
        ]
      },
      "release_date": "2023-09-12T22:00:00.000+00:00",
      "title": "CVE-2023-21520"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-21522 (GCVE-0-2023-21522)

FKIE_CVE-2023-21522

GHSA-3HCC-49C8-3MWC

GSD-2023-21522

WID-SEC-W-2023-2321

Tags

Sightings

Nomenclature