CVE-2021-22152 - Vulnerability Details

Vendors	Products
Blackberry	Unified Endpoint Management

Link	Providers
https://support.blackberry.com/kb/articleDetail?articleNumber=000078971

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-13T10:43:47", "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@blackberry.com", "ID": "CVE-2021-22152", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971", "refsource": "MISC", "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:37:16.706Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"}]}]}, "cveMetadata": {"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "assignerShortName": "blackberry", "cveId": "CVE-2021-22152", "datePublished": "2021-05-13T10:43:47", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-08-03T18:37:16.706Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-05-13T10:43:47 (string)

orgId : dbe78b00-5e7b-4fda-8748-329789ecfc5c (string)

shortName : blackberry (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://support.blackberry.com/kb/articleDetail?articleNumber=000078971 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secure@blackberry.com (string)

ID : CVE-2021-22152 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://support.blackberry.com/kb/articleDetail?articleNumber=000078971 (string)

refsource : MISC (string)

url : https://support.blackberry.com/kb/articleDetail?articleNumber=000078971 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T18:37:16.706Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://support.blackberry.com/kb/articleDetail?articleNumber=000078971 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : dbe78b00-5e7b-4fda-8748-329789ecfc5c (string)

assignerShortName : blackberry (string)

cveId : CVE-2021-22152 (string)

datePublished : 2021-05-13T10:43:47 (string)

dateReserved : 2021-01-04T00:00:00 (string)

dateUpdated : 2024-08-03T18:37:16.706Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BB3D5E6-0613-45E2-8575-07DD6CD77BF4", "versionEndIncluding": "12.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_1:*:*:*:*:*:*", "matchCriteriaId": "D6ED78FF-D486-4FE6-9599-7738729D8F28", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_2:*:*:*:*:*:*", "matchCriteriaId": "593930DE-6A05-48B3-A886-87E72DDCD44C", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_3:*:*:*:*:*:*", "matchCriteriaId": "A07E7ACB-B93D-4774-BFE2-8CEAE89AFDF8", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_4:*:*:*:*:*:*", "matchCriteriaId": "984D7F36-D826-4D38-882C-9C822C4CDDA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_5:*:*:*:*:*:*", "matchCriteriaId": "B5DC0EDB-41B6-4605-AF43-37A0701C96CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_6:*:*:*:*:*:*", "matchCriteriaId": "03BB3AC1-DC2B-4871-A47C-23E5AFE8E72A", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.0:-:*:*:*:*:*:*", "matchCriteriaId": "925C2316-6DE8-40ED-AFF2-F4A9849D2B85", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.0:mr1:*:*:*:*:*:*", "matchCriteriaId": "B153A25D-8D7C-4734-8BB9-93C5E6385BE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.1:quick_fix_1:*:*:*:*:*:*", "matchCriteriaId": "36AFE854-85F3-4157-A2C5-8FE374485FF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:blackberry:unified_endpoint_management:12.13.1:quick_fix_2:*:*:*:*:*:*", "matchCriteriaId": "61B8E4D4-E3DB-4693-BF88-513687E45BA2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections."}, {"lang": "es", "value": "Una Denegaci\u00f3n de Servicio debido a una vulnerabilidad de Comprobaci\u00f3n de entrada Inapropiada en el componente de la Consola de Administraci\u00f3n de BlackBerry UEM versi\u00f3n(s) 12.13.1 QF2 12.12.1 y anteriores y 12.12.1aQF6 y anteriores podr\u00eda permitir a un atacante impedir potencialmente cualquier conexi\u00f3n de usuario nuevo"}], "id": "CVE-2021-22152", "lastModified": "2024-11-21T05:49:36.537", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-13T11:15:07.923", "references": [{"source": "secure@blackberry.com", "tags": ["Vendor Advisory"], "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000078971"}], "sourceIdentifier": "secure@blackberry.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:blackberry:unified_endpoint_management:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 7BB3D5E6-0613-45E2-8575-07DD6CD77BF4 (string)

versionEndIncluding : 12.12.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_1:*:*:*:*:*:* (string)

matchCriteriaId : D6ED78FF-D486-4FE6-9599-7738729D8F28 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_2:*:*:*:*:*:* (string)

matchCriteriaId : 593930DE-6A05-48B3-A886-87E72DDCD44C (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_3:*:*:*:*:*:* (string)

matchCriteriaId : A07E7ACB-B93D-4774-BFE2-8CEAE89AFDF8 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_4:*:*:*:*:*:* (string)

matchCriteriaId : 984D7F36-D826-4D38-882C-9C822C4CDDA3 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_5:*:*:*:*:*:* (string)

matchCriteriaId : B5DC0EDB-41B6-4605-AF43-37A0701C96CE (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:a:blackberry:unified_endpoint_management:12.12.1a:quick_fix_6:*:*:*:*:*:* (string)

matchCriteriaId : 03BB3AC1-DC2B-4871-A47C-23E5AFE8E72A (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:a:blackberry:unified_endpoint_management:12.13.0:-:*:*:*:*:*:* (string)

matchCriteriaId : 925C2316-6DE8-40ED-AFF2-F4A9849D2B85 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:a:blackberry:unified_endpoint_management:12.13.0:mr1:*:*:*:*:*:* (string)

matchCriteriaId : B153A25D-8D7C-4734-8BB9-93C5E6385BE3 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:a:blackberry:unified_endpoint_management:12.13.1:quick_fix_1:*:*:*:*:*:* (string)

matchCriteriaId : 36AFE854-85F3-4157-A2C5-8FE374485FF5 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:a:blackberry:unified_endpoint_management:12.13.1:quick_fix_2:*:*:*:*:*:* (string)

matchCriteriaId : 61B8E4D4-E3DB-4693-BF88-513687E45BA2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A Denial of Service due to Improper Input Validation vulnerability in the Management Console component of BlackBerry UEM version(s) 12.13.1 QF2 and earlier and 12.12.1a QF6 and earlier could allow an attacker to potentially to prevent any new user connections. (string)

}

1 : { »

lang : es (string)

value : Una Denegación de Servicio debido a una vulnerabilidad de Comprobación de entrada Inapropiada en el componente de la Consola de Administración de BlackBerry UEM versión(s) 12.13.1 QF2 12.12.1 y anteriores y 12.12.1aQF6 y anteriores podría permitir a un atacante impedir potencialmente cualquier conexión de usuario nuevo (string)

}

]

id : CVE-2021-22152 (string)

lastModified : 2024-11-21T05:49:36.537 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 2.1 (number)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:N/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : HIGH (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-05-13T11:15:07.923 (string)

references : [ »

0 : { »

source : secure@blackberry.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.blackberry.com/kb/articleDetail?articleNumber=000078971 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://support.blackberry.com/kb/articleDetail?articleNumber=000078971 (string)

}

]

sourceIdentifier : secure@blackberry.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object