Vulnerability CVE-2015-9232


Published: 2017-09-20   Modified: 2017-09-21

Description:
The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not attempt to detect malicious activation attempts involving modified names beginning with a com.good.gdgma substring. Consequently, an attacker could obtain access to intranet data. This issue is only relevant in cases where the user has already downloaded a malicious Android application.

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.6/10
2.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
GOOD -> Good for enterprise 

 References:
http://www.securityfocus.com/archive/1/536543
https://community.blackberry.com/community/blogs/blog/2015/10/02/what-you-need-to-know-modzero-insecure-application-coupling
https://www.modzero.ch/advisories/MZ-15-03-GOOD-Auth-Delegation.txt

Copyright 2024, cxsecurity.com

 

Back to Top