FKIE_CVE-2019-8570

Vulnerability from fkie_nvd - Published: 2020-10-27 20:15 - Updated: 2024-11-21 04:50
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary
A logic issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, iCloud for Windows 7.10, iTunes 12.9.3 for Windows, Safari 12.0.3, tvOS 12.1.2. Processing maliciously crafted web content may disclose sensitive user information.
References
product-security@apple.comhttps://support.apple.com/en-us/HT209443Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT209447Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT209449Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT209450Vendor Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT209451Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT209443Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT209447Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT209449Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT209450Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT209451Vendor Advisory
Impacted products
Vendor Product Version
apple icloud *
apple itunes *
apple safari *
apple iphone_os *
apple tvos *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "6A5A43E1-EDCA-43E9-A74D-CCC364EC10BF",
              "versionEndExcluding": "7.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "01EA9BE4-7571-4EC4-B8E8-32EE4FFD1455",
              "versionEndExcluding": "12.9.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE3D7CF8-AF17-4C00-96D0-E8C13CACCDF7",
              "versionEndExcluding": "12.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2160390-120A-4096-8A39-3CE6F440D8AC",
              "versionEndExcluding": "12.1.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDF826E3-9EA2-4EEF-94C9-CDBFA61BB083",
              "versionEndExcluding": "12.1.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A logic issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, iCloud for Windows 7.10, iTunes 12.9.3 for Windows, Safari 12.0.3, tvOS 12.1.2. Processing maliciously crafted web content may disclose sensitive user information."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema l\u00f3gico con una administraci\u00f3n de estado mejorada.\u0026#xa0;Este problema se corrigi\u00f3 en iOS versi\u00f3n 12.1.3, iCloud para Windows versi\u00f3n 7.10, iTunes versi\u00f3n 12.9.3 para Windows, Safari versi\u00f3n 12.0.3, tvOS versi\u00f3n 12.1.2.\u0026#xa0;El procesamiento de contenido web dise\u00f1ado maliciosamente puede ser capaz de divulgar informaci\u00f3n confidencial del usuario"
    }
  ],
  "id": "CVE-2019-8570",
  "lastModified": "2024-11-21T04:50:05.380",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-27T20:15:15.360",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT209443"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT209447"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT209449"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT209450"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT209451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT209443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT209447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT209449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT209450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT209451"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.