Security Advisory: Bambuser Mobile Application

October 3, 2012

  • Advisory Title: Bambuser Mobile Application Information Disclosure Vulnerability
  • Internal ID: STRATSEC-2012-002
  • External ID: CVE Pending
  • Date discovered: August 10, 2012
  • Date reported: August 10, 2012
  • Date published: October 3, 2012
  • Current status: Vendor fix is in place
  • Discovered by: Beau Woods, Stratigos Security
  • Vendor: Bambuser (bambuser.com)
  • Affected product: Bambuser mobile application
  • Platform: iOS (confirmed); likely other versions (unconfirmed)
  • Vulnerable Version: 1.9.3 (confirmed); likely previous versions (unconfirmed)
  • Severity: 4.7 (CVSS v2)

Stratigos Security became aware of a vulnerability in the Bambuser mobile application and reported the issue to Bambuser on August 10, 2012. Bambuser quickly responded, provided an estimated timeline for the fix, and notified Stratigos Security when the updated version was published. Stratigos Security has confirmed that this vulnerability has been fixed in the updated version.

The formal advisory is published here: Security Advisory STRAT-2012-002 Bambuser Mobile Application Information Disclosure Vulnerability