5.3

CVE-2015-9232

Exploit

EPSS 0.14%
Veröffentlicht 20.09.2017 22:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not attempt to detect malicious activation attempts involving modified names beginning with a com.good.gdgma substring. Consequently, an attacker could obtain access to intranet data. This issue is only relevant in cases where the user has already downloaded a malicious Android application.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Good ≫ Good For Enterprise Version3.0.0.415 SwPlatformandroid

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.302

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:P/I:N/A:N

CWE-345 Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

http://www.securityfocus.com/archive/1/536543

Third Party Advisory

Exploit

VDB Entry

Mitigation

https://community.blackberry.com/community/blogs/blog/2015/10/02/what-you-need-to-know-modzero-insecure-application-coupling

Third Party Advisory

https://www.modzero.ch/advisories/MZ-15-03-GOOD-Auth-Delegation.txt

Third Party Advisory

Exploit

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2015-9232

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-9232

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-9232

EUVD