CVE-2020-6932

An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
blackberryCNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
blackberryqnx_software_development_platform
6.4.0 ≤
𝑥
≤ 6.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.blackberry.com/kb/articleDetail?articleNumber=000061411
http://support.blackberry.com/kb/articleDetail?articleNumber=000061411