{"api_version":"1","generated_at":"2026-04-22T22:49:28+00:00","cve":"CVE-2020-6932","urls":{"html":"https://cve.report/CVE-2020-6932","api":"https://cve.report/api/cve/CVE-2020-6932.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-6932","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-6932"},"summary":{"title":"CVE-2020-6932","description":"An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.","state":"PUBLIC","assigner":"secure@blackberry.com","published_at":"2020-08-12 13:15:00","updated_at":"2021-07-21 11:39:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000061411","name":"http://support.blackberry.com/kb/articleDetail?articleNumber=000061411","refsource":"MISC","tags":["Vendor Advisory"],"title":"QNX-2020-001 Vulnerability in slinger web server Impacts BlackBerry QNX Software Development Platform","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-6932","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-6932","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"6932","vulnerable":"1","versionEndIncluding":"6.6.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackberry","cpe5":"qnx_software_development_platform","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-6932","ASSIGNER":"secure@blackberry.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"http://support.blackberry.com/kb/articleDetail?articleNumber=000061411","url":"http://support.blackberry.com/kb/articleDetail?articleNumber=000061411"}]},"description":{"description_data":[{"lang":"eng","value":"An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server."}]}},"nvd":{"publishedDate":"2020-08-12 13:15:00","lastModifiedDate":"2021-07-21 11:39:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":10},"severity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:blackberry:qnx_software_development_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndIncluding":"6.6.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"6932","Ordinal":"167203","Title":"CVE-2020-6932","CVE":"CVE-2020-6932","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"6932","Ordinal":"1","NoteData":"An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Development Platform versions 6.4.0 to 6.6.0 could allow an attacker to potentially read arbitrary files and run arbitrary executables in the context of the web server.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"6932","Ordinal":"2","NoteData":"2020-08-12","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"6932","Ordinal":"3","NoteData":"2020-08-12","Type":"Other","Title":"Modified"}]}}}