PT-2023-18277 · Blackberry · Blackberry Athoc

Published: 2023-09-12 · Updated: 2023-09-15 · CVE-2023-21521

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

BlackBerry AtHoc version 7.15

Description

An SQL Injection issue in the Management Console (Operator Audit Trail) could allow an attacker to read sensitive data from the database, modify database data, execute administration operations on the database, recover the content of a given file present on the DBMS file system, and in some cases issue commands to the operating system.

Recommendations

For version 7.15, consider disabling access to the Management Console (Operator Audit Trail) until a patch is available to prevent potential SQL Injection attacks. Restrict database privileges to minimize the risk of data modification or unauthorized access. Avoid using sensitive data in the Management Console to reduce the potential impact of an SQL Injection attack.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-21521

Affected Products

Blackberry Athoc