CVE-2017-3892
LOWBlackBerry QNX Software Development Platform 6.6.0 - Information Disclosure via procfs
Title source: llmDescription
In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://support.blackberry.com/kb/articleDetail?articleNumber=000046674
Scores
CVSS v3
3.8
EPSS
0.0080
EPSS Percentile
52.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
BlackBerry/QNX Software Development Platform (SDP)
6.6.0
blackberry/qnx_software_development_platform
6.6.0
Published
Nov 14, 2017
Tracked Since
Feb 18, 2026