CVE-2015-9232

Sažetak

The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not attempt to detect malicious activation attempts involving modified names beginning with a com.good.gdgma substring. Consequently, an attacker could obtain access to intranet data. This issue is only relevant in cases where the user has already downloaded a malicious Android application.

Reference

http://www.securityfocus.com/archive/1/536543
https://community.blackberry.com/community/blogs/blog/2015/10/02/what-you-need-to-know-modzero-insecure-application-coupling
https://www.modzero.ch/advisories/MZ-15-03-GOOD-Auth-Delegation.txt

CVSS

Base:	2.6
Impact:	2.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

04-10-2017 - 20:19

Objavljeno

20-09-2017 - 22:29