Advisory

Concur Travel and Expense Mobile App for iOS Information Disclosure Vulnerability

Dell SecureWorks Security Advisory SWRX-2011-002

Advisory Information

  • Title: Concur Travel & Expense Mobile App for iOS Information Disclosure Vulnerability
  • Advisory ID: SWRX-2011-002
  • Date published: Wednesday, September 28, 2011
  • CVE: CVE-2011-3425
  • CVSS v2 Base Score: 4.7
  • Date of last update: Wednesday, September 28, 2011
  • Vendors contacted: Concur Technologies, Inc.
  • Release mode: Coordinated
  • Discovered by: Beau Woods, Dell SecureWorks

Summary

Older versions of the Concur Travel & Expense Mobile App for iOS improperly handled sensitive information. An attacker with physical or logical access to the device or to device backups could obtain the user account, password, device ID and device serial number stored on the iOS device.

Download the PDF

PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

SecureWorks CTU Public Key


Back to more Threat Analyses and Advisories

Talk with an Expert

Thank you for submitting the form! We have received your request. A Secureworks team member will contact you within one business day.