0 Results Found
            Back To Results
              Advisory

              Concur Travel and Expense Mobile App for iOS Information Disclosure Vulnerability

              Dell SecureWorks Security Advisory SWRX-2011-002

              Advisory Information

              • Title: Concur Travel & Expense Mobile App for iOS Information Disclosure Vulnerability
              • Advisory ID: SWRX-2011-002
              • Date published: Wednesday, September 28, 2011
              • CVE: CVE-2011-3425
              • CVSS v2 Base Score: 4.7
              • Date of last update: Wednesday, September 28, 2011
              • Vendors contacted: Concur Technologies, Inc.
              • Release mode: Coordinated
              • Discovered by: Beau Woods, Dell SecureWorks

              Summary

              Older versions of the Concur Travel & Expense Mobile App for iOS improperly handled sensitive information. An attacker with physical or logical access to the device or to device backups could obtain the user account, password, device ID and device serial number stored on the iOS device.

              Download the PDF

              PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

              SecureWorks CTU Public Key

              Related Content