Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for QNX Software Development Platform (QNX SDP) by BlackBerry

    CVE-2019-8998 (GCVE-0-2019-8998)

    Vulnerability from nvd – Published: 2019-07-12 15:30 – Updated: 2025-08-22 15:09
    VLAI
    Summary
    An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space.
    CWE
    • Information disclosure leading to a potential local escalation of privilege
    • CWE-413 - Improper Resource Locking
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:31:37.569Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000057178"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (QNX SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5.0 SP1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space.\u003c/p\u003e"
                }
              ],
              "value": "An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure leading to a potential local escalation of privilege",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-413",
                  "description": "CWE-413 Improper Resource Locking",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-22T15:09:48.377Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000057178"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2019-8998",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BlackBerry QNX Software Development Platform (QNX SDP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5.0 SP1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure leading to a potential local escalation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000057178",
                  "refsource": "MISC",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000057178"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2019-8998",
        "datePublished": "2019-07-12T15:30:28.000Z",
        "dateReserved": "2019-02-21T00:00:00.000Z",
        "dateUpdated": "2025-08-22T15:09:48.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9371 (GCVE-0-2017-9371)

    Vulnerability from nvd – Published: 2017-11-14 21:00 – Updated: 2025-08-22 15:05
    VLAI
    Summary
    In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation.
    CWE
    • Loss of integrity vulnerability
    • CWE-332 - Insufficient Entropy in PRNG
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry QNX Software Development Platform (QNX SDP) Affected: 6.6.0
    Affected: 6.5.0 SP1 and earlier
    Create a notification for this product.
    Date Public
    2017-11-14 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000046674"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (QNX SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.5.0 SP1 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-11-14T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation.\u003c/p\u003e"
                }
              ],
              "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-554",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-554 Functionality Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Loss of integrity vulnerability",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-332",
                  "description": "CWE-332 Insufficient Entropy in PRNG",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-22T15:05:29.013Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000046674"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "DATE_PUBLIC": "2017-11-14T00:00:00",
              "ID": "CVE-2017-9371",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QNX Software Development Platform (QNX SDP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.0"
                              },
                              {
                                "version_value": "6.5.0 SP1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Loss of integrity vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000046674",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000046674"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2017-9371",
        "datePublished": "2017-11-14T21:00:00.000Z",
        "dateReserved": "2017-06-02T00:00:00.000Z",
        "dateUpdated": "2025-08-22T15:05:29.013Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3893 (GCVE-0-2017-3893)

    Vulnerability from nvd – Published: 2017-11-14 21:00 – Updated: 2025-07-22 15:25
    VLAI
    Title
    Incomplete vulnerability mitigations
    Summary
    In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks.
    CWE
    • CWE-693 - Protection mechanism failure
    Assigner
    References
    Impacted products
    Date Public
    2017-11-14 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (QNX SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.0"
                }
              ]
            }
          ],
          "datePublic": "2017-11-14T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks.\u003c/p\u003e"
                }
              ],
              "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-679",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693 Protection mechanism failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-22T15:25:07.257Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incomplete vulnerability mitigations",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "DATE_PUBLIC": "2017-11-14T00:00:00",
              "ID": "CVE-2017-3893",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QNX Software Development Platform (QNX SDP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Flawed vulnerability mitigation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2017-3893",
        "datePublished": "2017-11-14T21:00:00.000Z",
        "dateReserved": "2016-12-21T00:00:00.000Z",
        "dateUpdated": "2025-07-22T15:25:07.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3891 (GCVE-0-2017-3891)

    Vulnerability from nvd – Published: 2017-11-14 21:00 – Updated: 2025-08-22 14:48
    VLAI
    Summary
    In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.
    CWE
    • Elevation of privilege
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    References
    Impacted products
    Date Public
    2017-11-14 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.298Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (QNX SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.0"
                }
              ]
            }
          ],
          "datePublic": "2017-11-14T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.\u003c/p\u003e"
                }
              ],
              "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-216",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-216 Communication Channel Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of privilege",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-22T14:48:09.392Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "DATE_PUBLIC": "2017-11-14T00:00:00",
              "ID": "CVE-2017-3891",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QNX Software Development Platform (QNX SDP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
                },
                {
                  "name": "https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet",
                  "refsource": "MISC",
                  "url": "https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2017-3891",
        "datePublished": "2017-11-14T21:00:00.000Z",
        "dateReserved": "2016-12-21T00:00:00.000Z",
        "dateUpdated": "2025-08-22T14:48:09.392Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-8998 (GCVE-0-2019-8998)

    Vulnerability from cvelistv5 – Published: 2019-07-12 15:30 – Updated: 2025-08-22 15:09
    VLAI
    Summary
    An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space.
    CWE
    • Information disclosure leading to a potential local escalation of privilege
    • CWE-413 - Improper Resource Locking
    Assigner
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T21:31:37.569Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000057178"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (QNX SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.5.0 SP1 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space.\u003c/p\u003e"
                }
              ],
              "value": "An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information disclosure leading to a potential local escalation of privilege",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-413",
                  "description": "CWE-413 Improper Resource Locking",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-22T15:09:48.377Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000057178"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "ID": "CVE-2019-8998",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "BlackBerry QNX Software Development Platform (QNX SDP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.5.0 SP1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc filesystem) of BlackBerry QNX Software Development Platform version(s) 6.5.0 SP1 and earlier could allow an attacker to potentially gain unauthorized access to a chosen process address space."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information disclosure leading to a potential local escalation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000057178",
                  "refsource": "MISC",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000057178"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2019-8998",
        "datePublished": "2019-07-12T15:30:28.000Z",
        "dateReserved": "2019-02-21T00:00:00.000Z",
        "dateUpdated": "2025-08-22T15:09:48.377Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3891 (GCVE-0-2017-3891)

    Vulnerability from cvelistv5 – Published: 2017-11-14 21:00 – Updated: 2025-08-22 14:48
    VLAI
    Summary
    In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.
    CWE
    • Elevation of privilege
    • CWE-923 - Improper Restriction of Communication Channel to Intended Endpoints
    Assigner
    References
    Impacted products
    Date Public
    2017-11-14 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.298Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (QNX SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.0"
                }
              ]
            }
          ],
          "datePublic": "2017-11-14T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node.\u003c/p\u003e"
                }
              ],
              "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-216",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-216 Communication Channel Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of privilege",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-923",
                  "description": "CWE-923 Improper Restriction of Communication Channel to Intended Endpoints",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-22T14:48:09.392Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "DATE_PUBLIC": "2017-11-14T00:00:00",
              "ID": "CVE-2017-3891",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QNX Software Development Platform (QNX SDP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Elevation of privilege"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
                },
                {
                  "name": "https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet",
                  "refsource": "MISC",
                  "url": "https://www.midnightbluelabs.com/blog/2017/12/8/elevation-of-privilege-vulnerability-in-qnx-qnet"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2017-3891",
        "datePublished": "2017-11-14T21:00:00.000Z",
        "dateReserved": "2016-12-21T00:00:00.000Z",
        "dateUpdated": "2025-08-22T14:48:09.392Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3893 (GCVE-0-2017-3893)

    Vulnerability from cvelistv5 – Published: 2017-11-14 21:00 – Updated: 2025-07-22 15:25
    VLAI
    Title
    Incomplete vulnerability mitigations
    Summary
    In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks.
    CWE
    • CWE-693 - Protection mechanism failure
    Assigner
    References
    Impacted products
    Date Public
    2017-11-14 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:39:41.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (QNX SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.0"
                }
              ]
            }
          ],
          "datePublic": "2017-11-14T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks.\u003c/p\u003e"
                }
              ],
              "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-679",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-679 Exploitation of Improperly Configured or Implemented Memory Protections"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 1.9,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693 Protection mechanism failure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-22T15:25:07.257Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incomplete vulnerability mitigations",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "DATE_PUBLIC": "2017-11-14T00:00:00",
              "ID": "CVE-2017-3893",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QNX Software Development Platform (QNX SDP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Flawed vulnerability mitigation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000046674"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2017-3893",
        "datePublished": "2017-11-14T21:00:00.000Z",
        "dateReserved": "2016-12-21T00:00:00.000Z",
        "dateUpdated": "2025-07-22T15:25:07.257Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-9371 (GCVE-0-2017-9371)

    Vulnerability from cvelistv5 – Published: 2017-11-14 21:00 – Updated: 2025-08-22 15:05
    VLAI
    Summary
    In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation.
    CWE
    • Loss of integrity vulnerability
    • CWE-332 - Insufficient Entropy in PRNG
    Assigner
    References
    Impacted products
    Vendor Product Version
    BlackBerry QNX Software Development Platform (QNX SDP) Affected: 6.6.0
    Affected: 6.5.0 SP1 and earlier
    Create a notification for this product.
    Date Public
    2017-11-14 05:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T17:02:44.372Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000046674"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "QNX Software Development Platform (QNX SDP)",
              "vendor": "BlackBerry",
              "versions": [
                {
                  "status": "affected",
                  "version": "6.6.0"
                },
                {
                  "status": "affected",
                  "version": "6.5.0 SP1 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-11-14T05:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eIn BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation.\u003c/p\u003e"
                }
              ],
              "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-554",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-554 Functionality Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 2.6,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Loss of integrity vulnerability",
                  "lang": "en"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-332",
                  "description": "CWE-332 Insufficient Entropy in PRNG",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-22T15:05:29.013Z",
            "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
            "shortName": "blackberry"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000046674"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@blackberry.com",
              "DATE_PUBLIC": "2017-11-14T00:00:00",
              "ID": "CVE-2017-9371",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "QNX Software Development Platform (QNX SDP)",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "6.6.0"
                              },
                              {
                                "version_value": "6.5.0 SP1 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "BlackBerry"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Loss of integrity vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000046674",
                  "refsource": "CONFIRM",
                  "url": "http://support.blackberry.com/kb/articleDetail?language=en_US\u0026articleNumber=000046674"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c",
        "assignerShortName": "blackberry",
        "cveId": "CVE-2017-9371",
        "datePublished": "2017-11-14T21:00:00.000Z",
        "dateReserved": "2017-06-02T00:00:00.000Z",
        "dateUpdated": "2025-08-22T15:05:29.013Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }