CVE-2015-9232

Name of the Vulnerable Software and Affected Versions Good for Enterprise application version 3.0.0.415

Description The issue concerns the lack of signature protection for the Authentication Delegation API intent in the Good for Enterprise application. Additionally, the Good Dynamic application activation process fails to detect malicious activation attempts involving modified names starting with a com.good.gdgma substring. This could allow an attacker to gain access to intranet data, but only if a malicious Android application has already been downloaded by the user.

Recommendations For Good for Enterprise application version 3.0.0.415, consider restricting access to the Authentication Delegation API intent until a fix is available, and ensure that the Good Dynamic application activation process is modified to detect malicious activation attempts involving modified names starting with a com.good.gdgma substring.