CVE-2019-8999

EUVD-2019-18386
An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
blackberryunified_endpoint_management
𝑥
≤ 12.10.1a
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.blackberry.com/kb/articleDetail?articleNumber=000056241
http://support.blackberry.com/kb/articleDetail?articleNumber=000056241