BlackBerry AtHoc Insecure Direct Object Reference Vulnerability in Management Console

Vulnerability

An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the Management Console of BlackBerry AtHoc (OnPrem) version 7.21. It could enable an authenticated operator to gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System (IWS).

Impact

Exploitation of this vulnerability could lead to unauthorized access to information about other organizations on the same IWS.

Remediation

Users should contact BlackBerry Customer Support or Professional Services to obtain the latest update. The patched version is BlackBerry AtHoc (OnPrem) 7.21 HF-727 build 1255.

Added: Nov 19, 2025, 5:30 PM
Updated: Nov 19, 2025, 7:44 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.