CVE-2014-6611

EUVD-2014-6490
The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
blackberryblackberry_world
𝑥
≤ 5.1.0.52
blackberryblackberry_os
10.3.0
blackberryblackberry_world
𝑥
≤ 5.0.0.262
blackberryblackberry_os
10.2.1
blackberryblackberry_world
𝑥
≤ 5.0.0.261
blackberryblackberry_os
10.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/61013
http://www.blackberry.com/btsc/kb36360
http://secunia.com/advisories/61013
http://www.blackberry.com/btsc/kb36360