CVE-2014-6611

The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
blackberryblackberry_world
𝑥
≤ 5.1.0.52
blackberryblackberry_os
10.3.0
blackberryblackberry_world
𝑥
≤ 5.0.0.262
blackberryblackberry_os
10.2.1
blackberryblackberry_world
𝑥
≤ 5.0.0.261
blackberryblackberry_os
10.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/61013
http://www.blackberry.com/btsc/kb36360
http://secunia.com/advisories/61013
http://www.blackberry.com/btsc/kb36360