CVE-2014-6611

The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream.
Configurations

Configuration 1

AND
cpe:2.3:a:blackberry:blackberry_world:*:*:*:*:*:*:*:*
cpe:2.3:o:blackberry:blackberry_os:10.3.0:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:a:blackberry:blackberry_world:*:*:*:*:*:*:*:*
cpe:2.3:o:blackberry:blackberry_os:10.2.1:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:a:blackberry:blackberry_world:*:*:*:*:*:*:*:*
cpe:2.3:o:blackberry:blackberry_os:10.2.0:*:*:*:*:*:*:*

History

21 Nov 2024, 02:14

Type | Values Removed | Values Added
References | () http://secunia.com/advisories/61013 - | () http://secunia.com/advisories/61013 -
References | () http://www.blackberry.com/btsc/kb36360 - Vendor Advisory | () http://www.blackberry.com/btsc/kb36360 - Vendor Advisory

Information

Published : 2014-10-25 10:55

Updated : 2024-11-21 02:14


NVD link : CVE-2014-6611

Mitre link : CVE-2014-6611

CVE.ORG link : CVE-2014-6611


Products Affected

blackberry

  • blackberry_world
  • blackberry_os

CWE

CWE-20

Improper Input Validation