Sign in
CVE-2015-9232
CVE-2015-9232
Description
The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not attempt to detect malicious activation attempts involving modified names beginning with a com.good.gdgma substring. Consequently, an attacker could obtain access to intranet data. This issue is only relevant in cases where the user has already downloaded a malicious Android application.
Impact
CVSS v3 : 5.3 MEDIUM
CVSS v2 : 2.6 LOW
Type
CWE-345
Attack Vector
CVSSv2 Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N
Quick links
CVE
,
NVD
,
CERT
,
Metasploit
,
Exploit-db
,
Fulldisc
,
Bugtraq
,
Microsoft
,
Red Hat
,
Debian
, GitHub
code
/
issues
,
Google
References
http://www.securityfocus.com/archive/1/536543
https://community.blackberry.com/community/blogs/blog/2015/10/02/what-you-need-to-know-modzero-insecure-application-coupling
https://www.modzero.ch/advisories/MZ-15-03-GOOD-Auth-Delegation.txt
FAQ
Terms of service
Privacy policy
