CVE-2020-6932

EUVD-2020-28074
An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
blackberryCNA
10 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
Affected Products (NVD)
VendorProductVersion
blackberryqnx_software_development_platform
6.4.0 ≤
𝑥
≤ 6.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://support.blackberry.com/kb/articleDetail?articleNumber=000061411
http://support.blackberry.com/kb/articleDetail?articleNumber=000061411