2023-09-12 22:00:28 +00:00
{
"id" : "CVE-2023-21523" ,
"sourceIdentifier" : "secure@blackberry.com" ,
"published" : "2023-09-12T20:15:08.010" ,
2023-09-15 16:00:29 +00:00
"lastModified" : "2023-09-15T14:01:19.187" ,
"vulnStatus" : "Analyzed" ,
2023-09-12 22:00:28 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nA Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account.\n\n\n\n\n\n\n\n"
}
] ,
2023-09-15 16:00:29 +00:00
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" ,
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
"availabilityImpact" : "NONE" ,
"baseScore" : 5.4 ,
"baseSeverity" : "MEDIUM"
} ,
"exploitabilityScore" : 2.3 ,
"impactScore" : 2.7
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-79"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:blackberry:athoc:7.15:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "7D7D98E8-462C-40B1-8106-B361BAF3448B"
}
]
}
]
}
] ,
2023-09-12 22:00:28 +00:00
"references" : [
{
"url" : "https://http://support.blackberry.com/kb/articleDetail?articleNumber=000112406" ,
2023-09-15 16:00:29 +00:00
"source" : "secure@blackberry.com" ,
"tags" : [
"Vendor Advisory"
]
2023-09-12 22:00:28 +00:00
}
]
}
