cve-2019-8762
Vulnerability from cvelistv5
Published
2020-10-27 19:46
Modified
2024-08-04 21:31
Severity
Summary
A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting.
References
| Source | URL | Tags |
|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/HT210603 | Vendor Advisory |
| product-security@apple.com | https://support.apple.com/en-us/HT210604 | Vendor Advisory |
| product-security@apple.com | https://support.apple.com/en-us/HT210605 | Vendor Advisory |
| product-security@apple.com | https://support.apple.com/en-us/HT210635 | Vendor Advisory |
| product-security@apple.com | https://support.apple.com/en-us/HT210636 | Vendor Advisory |
| product-security@apple.com | https://support.apple.com/en-us/HT210637 | Vendor Advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:36.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210604"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210603"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210635"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210636"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210637"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT210605"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "13.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iTunes for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "12.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iCloud for Windows",
"vendor": "Apple",
"versions": [
{
"lessThan": "7.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to universal cross site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-27T19:46:34",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210604"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210603"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210635"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210636"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210637"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT210605"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2019-8762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "13.1"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "13"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "13.0"
}
]
}
},
{
"product_name": "iTunes for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "12.10"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "10.7"
}
]
}
},
{
"product_name": "iCloud for Windows",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "7.14"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to universal cross site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT210604",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210604"
},
{
"name": "https://support.apple.com/en-us/HT210603",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210603"
},
{
"name": "https://support.apple.com/en-us/HT210635",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210635"
},
{
"name": "https://support.apple.com/en-us/HT210636",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210636"
},
{
"name": "https://support.apple.com/en-us/HT210637",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210637"
},
{
"name": "https://support.apple.com/en-us/HT210605",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT210605"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2019-8762",
"datePublished": "2020-10-27T19:46:34",
"dateReserved": "2019-02-18T00:00:00",
"dateUpdated": "2024-08-04T21:31:36.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-8762\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2020-10-27T20:15:19.080\",\"lastModified\":\"2020-10-30T00:56:08.800\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de comprobaci\u00f3n con una l\u00f3gica mejorada.\u0026#xa0;Este problema se corrigi\u00f3 en Safari versi\u00f3n 13.0.1, iOS versi\u00f3n 13.1 y iPadOS versi\u00f3n 13.1, iCloud para Windows versi\u00f3n 10.7, tvOS versi\u00f3n 13, iCloud para Windows versi\u00f3n 7.14, iTunes versi\u00f3n 12.10.1 para Windows.\u0026#xa0;El procesamiento de contenido web dise\u00f1ado maliciosamente puede conllevar a un ataque de tipo cross site scripting universal\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"7.14\",\"matchCriteriaId\":\"CD51BEFE-B28D-412A-996D-ADA104E4EC17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"10.7\",\"matchCriteriaId\":\"3AB3D55F-1566-4705-98C9-6D56F8F156F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*\",\"versionEndExcluding\":\"12.10.1\",\"matchCriteriaId\":\"397F21E9-3B36-49AE-92E3-B5B1FC7773D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.0.1\",\"matchCriteriaId\":\"6BD0E131-6A79-47DA-B8A8-1478B1EDD9FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.1\",\"matchCriteriaId\":\"2FCDB4B4-9FB3-46C2-A440-C60FEF372880\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13.1\",\"matchCriteriaId\":\"74FC47CB-6F80-4521-BE54-47B5630FF496\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"13\",\"matchCriteriaId\":\"E6FCD7CE-EC26-4952-A34D-2221AA4F223B\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT210603\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT210604\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT210605\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT210635\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT210636\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT210637\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...