CVE-2014-6611

{"id": "CVE-2014-6611", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-10-25T10:55:06.743", "references": [{"url": "http://secunia.com/advisories/61013", "source": "cve@mitre.org"}, {"url": "http://www.blackberry.com/btsc/kb36360", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream."}, {"lang": "es", "value": "La aplicaci\u00f3n BlackBerry World anterior a 5.0.0.262 en BlackBerry 10 OS 10.2.0, anterior a 5.0.0.263 en BlackBerry 10 OS 10.2.1, y anterior a 5.1.0.53 en BlackBerry 10 OS 10.3.0 no valida debidamente las solicitudes de descarga de actualizaciones, lo que permite a atacantes man-in-the-middle asistidos por usuarios suplantar servidores y provocar la descarga de una aplicaci\u00f3n manipulada mediante la modificaci\u00f3n del flujo de datos del servidor cliente."}], "lastModified": "2015-01-28T00:40:07.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:blackberry_world:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E80CAE1-33F2-4E2F-84D5-09D55E911812", "versionEndIncluding": "5.1.0.52"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:blackberry:blackberry_os:10.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43261390-B10E-452D-9274-9ECA5925AF09"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:blackberry_world:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58F89E3E-43FE-4D2F-A0DE-98AC2D45F6BD", "versionEndIncluding": "5.0.0.262"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:blackberry:blackberry_os:10.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2621E2FD-B7A7-4B88-9E65-975002C7ED55"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:blackberry_world:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33A119CA-0D43-4332-AE52-7420C5E83835", "versionEndIncluding": "5.0.0.261"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:blackberry:blackberry_os:10.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1217750-76BC-4CC1-AA35-4C93BB53F253"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}