6.8

CVE-2013-3694

Exploit
BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not require authentication for remote file-access folders, which allows remote attackers to read or create arbitrary files via IPv6 WebDAV requests, as demonstrated by a CSRF attack involving DNS rebinding.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BlackberryBlackberry Link Version <= 1.1.1.26
   ApplemacOS X
BlackberryBlackberry Link Version1.0.1.12
   ApplemacOS X
BlackberryBlackberry Link Version <= 1.2.0.28
   MicrosoftWindows
BlackberryBlackberry Link Version1.0.1.12
   MicrosoftWindows
BlackberryBlackberry Link Version1.1.1.26
   MicrosoftWindows
BlackberryBlackberry Link Version1.1.1.41
   MicrosoftWindows
BlackberryBlackberry Link Version1.2.0.12
   MicrosoftWindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.91% 0.554
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

http://www.blackberry.com/btsc/KB35315
Vendor Advisory
http://blog.cmpxchg8b.com/2013/11/qnx.html
Exploit