PT-2023-18276 · Blackberry · Blackberry Athoc

Publicado

2023-09-12

Atualizado

2023-09-15

CVE-2023-21520

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions BlackBerry AtHoc version 7.15

Description A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization.

Recommendations For BlackBerry AtHoc version 7.15, consider restricting access to the Self Service Credential Recovery feature until a patch is available. As a temporary workaround, limit the information that can be recovered through this feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-21520

Produtos afetados

Blackberry Athoc

PT-2023-18276 · Blackberry · Blackberry Athoc

CVE-2023-21520

Identificadores relacionados

Produtos afetados

Referências · 4