Vulnerabilites related to blackberry - qnx_os_for_safety
cve-2021-32025
Vulnerability from cvelistv5
Published
2022-03-09 20:37
Modified
2024-08-03 23:17
Severity ?
EPSS score ?
Summary
An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.
References
| ▼ | URL | Tags |
|---|---|---|
| http://support.blackberry.com/kb/articleDetail?articleNumber=000090868 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | QNX Software Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS) |
Version: QNX SDP 6.4.0 to 7.0 Version: QNX Momentics all 6.3.x versions Version: QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262 Version: QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262 Version: QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304 Version: QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:28.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QNX\u202fSoftware Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "QNX SDP 6.4.0 to 7.0"
},
{
"status": "affected",
"version": "QNX Momentics all 6.3.x versions"
},
{
"status": "affected",
"version": "QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"status": "affected",
"version": "QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"status": "affected",
"version": "QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304"
},
{
"status": "affected",
"version": "QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T20:37:56",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2021-32025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QNX\u202fSoftware Development Platform (SDP), QNX OS for Medical (QOSM), and QNX OS for Safety (QOS)",
"version": {
"version_data": [
{
"version_value": "QNX SDP 6.4.0 to 7.0"
},
{
"version_value": "QNX Momentics all 6.3.x versions"
},
{
"version_value": "QNX OS for Safety versions 1.0.0 to 1.0.2 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"version_value": "QNX OS for Safety versions 2.0.0 to 2.0.1 safety products compliant with IEC 61508 and/or ISO 26262"
},
{
"version_value": "QNX OS for Medical versions 1.0.0 to 1.1.1 safety products compliant with IEC 62304"
},
{
"version_value": "QNX OS for Medical versions 2.0.0 safety product compliant with IEC 62304"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868",
"refsource": "MISC",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2021-32025",
"datePublished": "2022-03-09T20:37:56",
"dateReserved": "2021-05-03T00:00:00",
"dateUpdated": "2024-08-03T23:17:28.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-22156
Vulnerability from cvelistv5
Published
2021-08-17 18:35
Modified
2024-08-03 18:37
Severity ?
EPSS score ?
Summary
An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.blackberry.com/kb/articleDetail?articleNumber=000082334 | x_refsource_MISC | |
| https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL | vendor-advisory, x_refsource_CISCO |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | BlackBerry QNX Software Development Platform (SDP), QNX OS for Medical and QNX OS for Safety |
Version: QNX SDP 6.5.0 SP1 and earlier Version: QNX OS for Medical 1.1 and earlier Version: QNX OS for Safety 1.0.1 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:17.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000082334"
},
{
"name": "20210818 BlackBerry QNX-2021-001 Vulnerability Affecting Cisco Products: August 2021",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BlackBerry QNX Software Development Platform (SDP), QNX OS for Medical and QNX OS for Safety",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "QNX SDP 6.5.0 SP1 and earlier"
},
{
"status": "affected",
"version": "QNX OS for Medical 1.1 and earlier"
},
{
"status": "affected",
"version": "QNX OS for Safety 1.0.1 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry\u00ae QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service or arbitrary code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T17:06:39",
"orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"shortName": "blackberry"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000082334"
},
{
"name": "20210818 BlackBerry QNX-2021-001 Vulnerability Affecting Cisco Products: August 2021",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"ID": "CVE-2021-22156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlackBerry QNX Software Development Platform (SDP), QNX OS for Medical and QNX OS for Safety",
"version": {
"version_data": [
{
"version_value": "QNX SDP 6.5.0 SP1 and earlier"
},
{
"version_value": "QNX OS for Medical 1.1 and earlier"
},
{
"version_value": "QNX OS for Safety 1.0.1 and earlier"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry\u00ae QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service or arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.blackberry.com/kb/articleDetail?articleNumber=000082334",
"refsource": "MISC",
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000082334"
},
{
"name": "20210818 BlackBerry QNX-2021-001 Vulnerability Affecting Cisco Products: August 2021",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
"assignerShortName": "blackberry",
"cveId": "CVE-2021-22156",
"datePublished": "2021-08-17T18:35:38",
"dateReserved": "2021-01-04T00:00:00",
"dateUpdated": "2024-08-03T18:37:17.775Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2022-03-10 17:42
Modified
2024-11-21 06:06
Severity ?
Summary
An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@blackberry.com | http://support.blackberry.com/kb/articleDetail?articleNumber=000090868 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.blackberry.com/kb/articleDetail?articleNumber=000090868 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_momentics | 6.3.0 | |
| blackberry | qnx_momentics | 6.3.2 | |
| blackberry | qnx_software_development_platform | * | |
| blackberry | qnx_os_for_medical | * | |
| blackberry | qnx_os_for_medical | 2.0.0 | |
| blackberry | qnx_os_for_safety | * | |
| blackberry | qnx_os_for_safety | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics:6.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3AC84B1C-6981-4C3D-952E-4F724EFDEF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_momentics:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "44452791-7402-44DD-ADB1-2A36310EB365",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B51E6454-60B6-4913-BCF4-F23C3F1D8722",
"versionEndIncluding": "7.0",
"versionStartIncluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_os_for_medical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBC6F8A4-9440-4D3E-8FE8-B5F0A2BB34A2",
"versionEndExcluding": "1.1.2",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_os_for_medical:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B6348483-2214-4B7A-A61A-13813A3BC5B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_os_for_safety:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0913E9B4-F15A-4A86-B933-5D237FAA5451",
"versionEndExcluding": "1.0.3",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_os_for_safety:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC0E7C7-275A-4214-8232-725CF8B70EE9",
"versionEndExcluding": "2.0.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system."
},
{
"lang": "es",
"value": "Una vulnerabilidad de elevaci\u00f3n de privilegios en el QNX Neutrino Kernel de las versiones afectadas de QNX Software Development Platform versi\u00f3n(es) 6.4.0 a 7.0, QNX Momentics todas las versiones 6.3.x, QNX OS for Safety versiones 1.0.0 a 1.0. 2, QNX OS for Safety versiones 2.0.0 a 2.0.1, QNX for Medical versiones 1.0.0 a 1.1.1, y QNX OS for Medical versi\u00f3n 2.0.0, podr\u00eda permitir a un atacante acceder potencialmente a los datos, modificar el comportamiento o bloquear permanentemente el sistema"
}
],
"id": "CVE-2021-32025",
"lastModified": "2024-11-21T06:06:44.353",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-10T17:42:14.083",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000090868"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-17 19:15
Modified
2024-11-21 05:49
Severity ?
Summary
An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| blackberry | qnx_software_development_platform | * | |
| blackberry | qnx_software_development_platform | 6.5.0 | |
| blackberry | qnx_software_development_platform | 6.5.0 | |
| blackberry | qnx_os_for_medical | * | |
| blackberry | qnx_os_for_safety | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FCB90F-1888-4350-A16E-5F4951F903B3",
"versionEndExcluding": "6.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:6.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B18FCC7D-290C-4FC7-80B7-C678515E403C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:6.5.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "11F2C680-2F44-4CBC-BC7E-B608726302D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_os_for_medical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75A18CC9-673C-4FA8-875E-08925D2A97AB",
"versionEndIncluding": "1.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:blackberry:qnx_os_for_safety:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6CE0A1-8E88-405B-BD6D-48FCD084CB07",
"versionEndIncluding": "1.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry\u00ae QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code."
},
{
"lang": "es",
"value": "Una vulnerabilidad de desbordamiento de enteros en la funci\u00f3n calloc() de la biblioteca de tiempo de ejecuci\u00f3n C de las versiones afectadas de BlackBerry\u00ae QNX Software Development Platform (SDP) versi\u00f3n(es) 6.5.0SP1 y anteriores, QNX OS for Medical versiones 1.1 y anteriores, y QNX OS for Safety versiones 1.0.1 y anteriores, que podr\u00eda permitir a un atacante llevar a cabo potencialmente una denegaci\u00f3n de servicio o ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2021-22156",
"lastModified": "2024-11-21T05:49:36.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-17T19:15:08.057",
"references": [
{
"source": "secure@blackberry.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000082334"
},
{
"source": "secure@blackberry.com",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000082334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL"
}
],
"sourceIdentifier": "secure@blackberry.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}