Concur Travel and Expense Mobile App for iOS Information Disclosure VulnerabilityBy: Beau Woods
Dell SecureWorks Security Advisory SWRX-2011-002
- Title: Concur Travel & Expense Mobile App for iOS Information Disclosure Vulnerability
- Advisory ID: SWRX-2011-002
- Date published: Wednesday, September 28, 2011
- CVE: CVE-2011-3425
- CVSS v2 Base Score: 4.7
- Date of last update: Wednesday, September 28, 2011
- Vendors contacted: Concur Technologies, Inc.
- Release mode: Coordinated
- Discovered by: Beau Woods, Dell SecureWorks
Older versions of the Concur Travel & Expense Mobile App for iOS improperly handled sensitive information. An attacker with physical or logical access to the device or to device backups could obtain the user account, password, device ID and device serial number stored on the iOS device.
PGP Signature (PC Users: You may need to right click your mouse and select "Save As")