Innovative Minds - On Point - One Group  

1 Post(s) By: Nolan Kennedy

13
Mar
2019

XXE Vulnerability in BlackBerry AtHoc (Networked Crisis Communication) Platform

By:

Recently I had the opportunity to test an installation of AtHoc – BlackBerry’s emergency notification system. During the course of the test, I discovered an XML External Entity (XXE) vulnerability in BlackBerry AtHoc 7.6.0 affecting the Delivery Template feature used to customize emergency notification messages and demonstrated how an authenticated attacker could read files off

Read More