CVE-2020-6932

Name of the Vulnerable Software and Affected Versions BlackBerry QNX Software Development Platform versions 6.4.0 through 6.6.0

Description The issue is related to an information disclosure and remote code execution vulnerability in the slinger web server. This could allow an attacker to read arbitrary files and run arbitrary executables in the context of the web server. The vulnerability involves directory traversal and remote code execution (RCE) in the QNX Slinger web server.

Recommendations For BlackBerry QNX Software Development Platform versions 6.4.0 through 6.6.0, consider disabling the slinger web server until a patch is available to prevent potential exploitation. Restrict access to sensitive files and directories to minimize the risk of information disclosure. As a temporary workaround, limit the execution of arbitrary executables in the context of the web server. At the moment, there is no information about a newer version that contains a fix for this vulnerability.