PT-2014-7301 · Blackberry · Blackberry 10 Os+1
Published 2014-10-25 · Updated 2015-01-28 · CVE-2014-6611
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
BlackBerry World app versions prior to 5.0.0.262 on BlackBerry 10 OS 10.2.0
BlackBerry World app versions prior to 5.0.0.263 on BlackBerry 10 OS 10.2.1
BlackBerry World app versions prior to 5.1.0.53 on BlackBerry 10 OS 10.3.0
Description
The issue allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream, due to improper validation of download/update requests.
Recommendations
For BlackBerry World app versions prior to 5.0.0.262 on BlackBerry 10 OS 10.2.0, update to version 5.0.0.262 or later.
For BlackBerry World app versions prior to 5.0.0.263 on BlackBerry 10 OS 10.2.1, update to version 5.0.0.263 or later.
For BlackBerry World app versions prior to 5.1.0.53 on BlackBerry 10 OS 10.3.0, update to version 5.1.0.53 or later.
Fix
RCE
Weakness Enumeration
Related identifiers
Affected products
BlackBerry 10 OS
BlackBerry World