fkie_nvd - fkie_cve-2022-32849

fkie_cve-2022-32849

Vulnerability from fkie_nvd

Published

2022-09-23 19:15

Modified

2024-11-21 07:07

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.

References

URL	Tags
product-security@apple.com	https://support.apple.com/en-us/HT213342	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213343	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213344	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213345	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT213346	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT213488	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213342	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213343	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213344	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213345	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT213346	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT213488	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	iphone_os	*
apple	mac_os_x	*
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	macos	*
apple	macos	*
apple	tvos	*

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "F5E4F87A-8003-43EB-99F7-35C82AEA4DC0",
                     versionEndExcluding: "15.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "B6FA9FE3-1891-405C-B191-04CAB84ADD46",
                     versionEndExcluding: "15.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "EF8C1CB5-DACB-449C-9E07-E477142C589F",
                     versionEndExcluding: "10.15.7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
                     matchCriteriaId: "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
                     matchCriteriaId: "F12CC8B5-C1EB-419E-8496-B9A3864656AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
                     matchCriteriaId: "F1F4BF7F-90D4-4668-B4E6-B06F4070F448",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
                     matchCriteriaId: "0F441A43-1669-478D-9EC8-E96882DE4F9F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
                     matchCriteriaId: "D425C653-37A2-448C-BF2F-B684ADB08A26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
                     matchCriteriaId: "A54D63B7-B92B-47C3-B1C5-9892E5873A98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*",
                     matchCriteriaId: "3456176F-9185-4EE2-A8CE-3D989D674AB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*",
                     matchCriteriaId: "D337EE21-2F00-484D-9285-F2B0248D7A19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*",
                     matchCriteriaId: "012052B5-9AA7-4FD3-9C80-5F615330039D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*",
                     matchCriteriaId: "50F21A3C-0AC3-48C5-A4F8-5A7B478875B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*",
                     matchCriteriaId: "8E974DC6-F7D9-4389-9AF9-863F6E419CE6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*",
                     matchCriteriaId: "156A6382-2BD3-4882-90B2-8E7CF6659E17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*",
                     matchCriteriaId: "20A2FDB2-6712-406A-9896-C0B44508B07D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*",
                     matchCriteriaId: "49F537A0-DC42-4176-B22F-C80D179DD99D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-004:*:*:*:*:*:*",
                     matchCriteriaId: "1E463183-7E29-464F-B459-F3E1D62501FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "21572D24-45CE-4FF4-8AFD-E13E1FE853B1",
                     versionEndExcluding: "11.6.8",
                     versionStartIncluding: "11.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "BFABC0C7-944C-4B46-A985-8B4F8BF93F54",
                     versionEndExcluding: "12.5",
                     versionStartIncluding: "12.0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "83FC1965-2381-49FF-9521-355D29B28B71",
                     versionEndExcluding: "15.6",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.",
      },
      {
         lang: "es",
         value: "Se abordó un problema de divulgación de información al eliminar el código vulnerable. Este problema ha sido corregido en iOS versión 15.6 y iPadOS versión 15.6, macOS Big Sur versión 11.6.8, tvOS versión 15.6, macOS Monterey versión 12.5, Security Update 2022-005 Catalina. Una aplicación podría acceder a información confidencial del usuario.\n",
      },
   ],
   id: "CVE-2022-32849",
   lastModified: "2024-11-21T07:07:05.397",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "LOCAL",
               availabilityImpact: "NONE",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 1.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-09-23T19:15:13.723",
   references: [
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213342",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213343",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213344",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213345",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213346",
      },
      {
         source: "product-security@apple.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/kb/HT213488",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213342",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213343",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213344",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213345",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/en-us/HT213346",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.apple.com/kb/HT213488",
      },
   ],
   sourceIdentifier: "product-security@apple.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

CVE-2022-32849 (GCVE-0-2022-32849)

Vulnerability from cvelistv5

Published

2022-09-23 00:00

Modified

2024-08-03 07:54

Severity ?

Summary

References

▼	URL	Tags
	https://support.apple.com/en-us/HT213345
	https://support.apple.com/en-us/HT213342
	https://support.apple.com/en-us/HT213346
	https://support.apple.com/en-us/HT213344
	https://support.apple.com/en-us/HT213343
	https://support.apple.com/kb/HT213488

Impacted products

Vendor

Product

Version

▼

Apple

macOS

Version: unspecified < 12.5

Apple	macOS	Version: unspecified < 11.6
Apple	macOS	Version: unspecified < 2022
Apple	tvOS	Version: unspecified < 15.6
Apple	tvOS	Version: unspecified < 15.6

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T07:54:03.133Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT213345",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT213342",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT213346",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT213344",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/en-us/HT213343",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.apple.com/kb/HT213488",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "12.5",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "11.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "macOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "2022",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "tvOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "15.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
            {
               product: "tvOS",
               vendor: "Apple",
               versions: [
                  {
                     lessThan: "15.6",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "An app may be able to access sensitive user information",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-11-10T00:00:00",
            orgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
            shortName: "apple",
         },
         references: [
            {
               url: "https://support.apple.com/en-us/HT213345",
            },
            {
               url: "https://support.apple.com/en-us/HT213342",
            },
            {
               url: "https://support.apple.com/en-us/HT213346",
            },
            {
               url: "https://support.apple.com/en-us/HT213344",
            },
            {
               url: "https://support.apple.com/en-us/HT213343",
            },
            {
               url: "https://support.apple.com/kb/HT213488",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "286789f9-fbc2-4510-9f9a-43facdede74c",
      assignerShortName: "apple",
      cveId: "CVE-2022-32849",
      datePublished: "2022-09-23T00:00:00",
      dateReserved: "2022-06-09T00:00:00",
      dateUpdated: "2024-08-03T07:54:03.133Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted