PT-2014-7301 · Blackberry · Blackberry 10 Os
Published: 2014-10-25 · Updated: 2015-01-28 · CVE-2014-6611
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
BlackBerry World app versions prior to 5.0.0.262 on BlackBerry 10 OS 10.2.0
BlackBerry World app versions prior to 5.0.0.263 on BlackBerry 10 OS 10.2.1
BlackBerry World app versions prior to 5.1.0.53 on BlackBerry 10 OS 10.3.0
Description
The issue allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream, due to improper validation of download/update requests.
Recommendations
For BlackBerry World app versions prior to 5.0.0.262 on BlackBerry 10 OS 10.2.0, update to version 5.0.0.262 or later.
For BlackBerry World app versions prior to 5.0.0.263 on BlackBerry 10 OS 10.2.1, update to version 5.0.0.263 or later.
For BlackBerry World app versions prior to 5.1.0.53 on BlackBerry 10 OS 10.3.0, update to version 5.1.0.53 or later.
Fix
RCE
Affected Products
Blackberry 10 Os
Blackberry World