CVE-2015-9232
low-risk
Published 2017-09-20
The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does not attempt to detect malicious activation attempts involving modified names beginning with a com.good.gdgma substring. Consequently, an attacker could obtain access to intranet data. This issue is only relevant in cases where the user has already downloaded a malicious Android application.
Do I need to act?
-
0.14% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
NETWORK
/ HIGH complexity
Affected Products (1)
Good For Enterprise
Affected Vendors
References (6)
Third Party Advisory
https://community.blackberry.com/community/blogs/blog/2015/10/02/what-you-need-t...
Third Party Advisory
https://community.blackberry.com/community/blogs/blog/2015/10/02/what-you-need-t...
23
/ 100
low-risk
Severity
17/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal