CVE-2014-6611

EPSS 0.26%
Published 25.10.2014 10:55:06
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Blackberry ≫ Blackberry World Version <= 5.1.0.52

Blackberry ≫ Blackberry Os Version10.3.0

Blackberry ≫ Blackberry World Version <= 5.0.0.262

Blackberry ≫ Blackberry Os Version10.2.1

Blackberry ≫ Blackberry World Version <= 5.0.0.261

Blackberry ≫ Blackberry Os Version10.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.26%	0.46

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://secunia.com/advisories/61013

http://www.blackberry.com/btsc/kb36360

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2014-6611

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-6611

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-6611

EUVD