The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream.
References
Link | Resource |
---|---|
http://secunia.com/advisories/61013 | |
http://www.blackberry.com/btsc/kb36360 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-10-25T10:00:00
Updated: 2014-10-29T12:57:00
Reserved: 2014-09-18T00:00:00
Link: CVE-2014-6611
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-10-25T10:55:06.743
Modified: 2015-01-28T00:40:07.417
Link: CVE-2014-6611
JSON object: View
Redhat Information
No data.
CWE