{"api_version":"1","generated_at":"2026-04-23T02:35:01+00:00","cve":"CVE-2019-8999","urls":{"html":"https://cve.report/CVE-2019-8999","api":"https://cve.report/api/cve/CVE-2019-8999.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-8999","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-8999"},"summary":{"title":"CVE-2019-8999","description":"An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.","state":"PUBLIC","assigner":"secure@blackberry.com","published_at":"2019-04-18 17:29:00","updated_at":"2019-04-19 15:55:00"},"problem_types":["CWE-611"],"metrics":[],"references":[{"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000056241","name":"http://support.blackberry.com/kb/articleDetail?articleNumber=000056241","refsource":"MISC","tags":["Mitigation","Patch","Vendor Advisory"],"title":"BSRT-2019-002 Vulnerability in UEM Core Impacts BlackBerry UEM","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-8999","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-8999","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"8999","vulnerable":"1","versionEndIncluding":"12.10.1a","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackberry","cpe5":"unified_endpoint_management","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-8999","ASSIGNER":"secure@blackberry.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"BlackBerry UEM","version":{"version_data":[{"version_value":"12.10.1a and earlier"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"XML External Entity"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"http://support.blackberry.com/kb/articleDetail?articleNumber=000056241","url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000056241"}]},"description":{"description_data":[{"lang":"eng","value":"An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account."}]}},"nvd":{"publishedDate":"2019-04-18 17:29:00","lastModifiedDate":"2019-04-19 15:55:00","problem_types":["CWE-611"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:blackberry:unified_endpoint_management:*:*:*:*:*:*:*:*","versionEndIncluding":"12.10.1a","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"8999","Ordinal":"146846","Title":"CVE-2019-8999","CVE":"CVE-2019-8999","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"8999","Ordinal":"1","NoteData":"An XML External Entity vulnerability in the UEM Core of BlackBerry UEM version(s) earlier than 12.10.1a could allow an attacker to potentially gain read access to files on any system reachable by the UEM service account.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"8999","Ordinal":"2","NoteData":"2019-04-18","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"8999","Ordinal":"3","NoteData":"2019-04-18","Type":"Other","Title":"Modified"}]}}}