PT-2023-18276 · Blackberry · Blackberry Athoc

Published

2023-09-12

Updated

2023-09-15

CVE-2023-21520

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions BlackBerry AtHoc version 7.15

Description A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization.

Recommendations For BlackBerry AtHoc version 7.15, consider restricting access to the Self Service Credential Recovery feature until a patch is available. As a temporary workaround, limit the information that can be recovered through this feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2023-21520

Affected Products

Blackberry Athoc

PT-2023-18276 · Blackberry · Blackberry Athoc

CVE-2023-21520

Related Identifiers

Affected Products

References · 4