First published: Wed Aug 12 2020(Updated: )
An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.
Credit: secure@blackberry.com
Affected Software | Affected Version | How to fix |
---|---|---|
BlackBerry QNX Software Development Platform | >=6.4.0<=6.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2020-6932.
The severity of CVE-2020-6932 is critical with a CVSS score of 9.8.
The affected software is the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0.
An attacker could potentially read arbitrary files and run arbitrary executables in the context of the web server.
To fix this vulnerability, update to a version of the BlackBerry QNX Software Development Platform that is not affected (version greater than 6.6.0).