{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"QNX Software Development Platform (SDP)","vendor":"BlackBerry","versions":[{"lessThanOrEqual":"6.6.0","status":"affected","version":"6.4.0","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.</p>"}],"value":"An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server."}],"impacts":[{"capecId":"CAPEC-64","descriptions":[{"lang":"en","value":"CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":10,"baseSeverity":"CRITICAL","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-150","description":"CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"dbe78b00-5e7b-4fda-8748-329789ecfc5c","shortName":"blackberry","dateUpdated":"2025-08-22T15:16:18.943Z"},"references":[{"tags":["x_refsource_MISC"],"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000061411"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.2.0"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@blackberry.com","ID":"CVE-2020-6932","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://support.blackberry.com/kb/articleDetail?articleNumber=000061411","refsource":"MISC","url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000061411"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T09:18:01.477Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000061411"}]}]},"cveMetadata":{"assignerOrgId":"dbe78b00-5e7b-4fda-8748-329789ecfc5c","assignerShortName":"blackberry","cveId":"CVE-2020-6932","datePublished":"2020-08-12T12:21:32.000Z","dateReserved":"2020-01-13T00:00:00.000Z","dateUpdated":"2025-08-22T15:16:18.943Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}