Security Advisory: Bambuser Mobile Application
Advisory Title: Bambuser Mobile Application Information Disclosure Vulnerability
Internal ID: STRATSEC-2012-002
External ID: CVE Pending
Date discovered: August 10, 2012
Date reported: August 10, 2012
Date published: October 3, 2012
Current status: Vendor fix is in place
Discovered by: Beau Woods, Stratigos Security
Vendor: Bambuser (bambuser.com)
Affected product: Bambuser mobile application
Platform: iOS (confirmed); likely other versions (unconfirmed)
Vulnerable Version: 1.9.3 (confirmed); likely previous versions (unconfirmed)
Severity: 4.7 (CVSS v2)
Stratigos Security became aware of a vulnerability in the Bambuser mobile application and reported the issue to Bambuser on August 10, 2012. Bambuser quickly responded, provided estimated timeline for the fix and notified Stratigos Security when the updated version was published. Stratigos Security has confirmed that this vulnerability has been fixed in the updated version.
The formal advisory is published here: Security Advisory STRAT-2012-002 Bambuser Mobile Application Information Disclosure Vulnerability
Comentários