Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization.
AnalysisAI
A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization. Affected products include: Blackberry Athoc. Version information: version 7.15.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
An SQL Injection vulnerability in the Management Console (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could a
A Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.1
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions ear
A Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry A
A Stored Cross-Site Scripting (XSS) vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow
An Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of BlackBerry® AtHoc® (OnPrem) versio
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today