CVE-2019-8997

Name of the Vulnerable Software and Affected Versions BlackBerry AtHoc versions prior to 7.6 HF-567

Description A vulnerability exists that could allow an attacker to read arbitrary local files from the application server or make requests on the network by entering maliciously crafted XML in an existing field. This issue is related to an XML External Entity Injection (XXE) vulnerability in the Management System (console).

Recommendations For versions prior to 7.6 HF-567, update to version 7.6 HF-567 or later to resolve the issue. As a temporary workaround, consider restricting access to the Management System (console) to minimize the risk of exploitation. Avoid using maliciously crafted XML in existing fields until the issue is resolved.