CVE-2015-9232
MEDIUMGood for Enterprise 3.0.0.415 - Insufficient Verification of Data Authenticity in Authentication Delegation API
Title source: llmDescription
The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not attempt to detect malicious activation attempts involving modified names beginning with a com.good.gdgma substring. Consequently, an attacker could obtain access to intranet data. This issue is only relevant in cases where the user has already downloaded a malicious Android application.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://community.blackberry.com/community/blogs/blog/2015/10/02/what-you-need-to-know-modzero-insecure-application-coupling
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://www.modzero.ch/advisories/MZ-15-03-GOOD-Auth-Delegation.txt
Exploit, Mitigation, Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/archive/1/536543
Scores
CVSS v3
5.3
EPSS
0.0092
EPSS Percentile
55.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-345
Status
published
Products (1)
good/good_for_enterprise
3.0.0.415
Published
Sep 20, 2017
Tracked Since
Feb 18, 2026