0 Results Found
              Back To Results
                Advisories

                Concur Travel and Expense Mobile App for iOS Information Disclosure Vulnerability

                By: Beau Woods

                Dell SecureWorks Security Advisory SWRX-2011-002

                Advisory Information

                • Title: Concur Travel & Expense Mobile App for iOS Information Disclosure Vulnerability
                • Advisory ID: SWRX-2011-002
                • Date published: Wednesday, September 28, 2011
                • CVE: CVE-2011-3425
                • CVSS v2 Base Score: 4.7
                • Date of last update: Wednesday, September 28, 2011
                • Vendors contacted: Concur Technologies, Inc.
                • Release mode: Coordinated
                • Discovered by: Beau Woods, Dell SecureWorks

                Summary

                Older versions of the Concur Travel & Expense Mobile App for iOS improperly handled sensitive information. An attacker with physical or logical access to the device or to device backups could obtain the user account, password, device ID and device serial number stored on the iOS device.

                Download the PDF

                PGP Signature (PC Users: You may need to right click your mouse and select "Save As")

                SecureWorks CTU Public Key

                Related Content