MEDIUM · 4.3

CVE-2014-6611

Vulnerability Description

The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream.

CVSS Score

4.3

MEDIUM

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Affected Products

Vendor | Product | Versions
Blackberry | Blackberry World | <= 5.1.0.52
Blackberry | Blackberry Os | 10.3.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2014-6611?

CVE-2014-6611 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/up...

How severe is CVE-2014-6611?

CVE-2014-6611 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2014-6611?

Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Blackberry World, Blackberry Blackberry Os.