CVE-2014-6611

BlackBerry World <5.0.0.262-5.1.0.53 - Info Disclosure

Title source: llm
STIX 2.1

Description

The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream.

References (2)

Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.blackberry.com/btsc/kb36360
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61013

Scores

EPSS 0.0099
EPSS Percentile 58.3%

Details

CWE
CWE-20
Status published
Products (4)
blackberry/blackberry_os 10.3.0
blackberry/blackberry_os 10.2.1
blackberry/blackberry_os 10.2.0
blackberry/blackberry_world < 5.1.0.52
Published Oct 25, 2014
Tracked Since Feb 18, 2026