CVE-2011-0197

2011-06-2420:55:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2011-0197

app store

apple

mac os x

password security

sensitive information

local users

log file

nvd

5.2 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user’s AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions.

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.5.8
apple:mac_os_xapple mac os xeq10.6.7
apple:mac_os_xapple mac os xeq10.6.3
apple:mac_os_xapple mac os xeq10.6.6
apple:mac_os_xapple mac os xeq10.6.1
apple:mac_os_xapple mac os xeq10.6.0
apple:mac_os_xapple mac os xeq10.6.2
apple:mac_os_xapple mac os xeq10.6.4
apple:mac_os_xapple mac os xeq10.6.5
apple:mac_os_x_serverapple mac os x servereq10.5.8

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.5.8
apple:mac_os_x	apple mac os x	eq	10.6.7
apple:mac_os_x	apple mac os x	eq	10.6.3
apple:mac_os_x	apple mac os x	eq	10.6.6
apple:mac_os_x	apple mac os x	eq	10.6.1
apple:mac_os_x	apple mac os x	eq	10.6.0
apple:mac_os_x	apple mac os x	eq	10.6.2
apple:mac_os_x	apple mac os x	eq	10.6.4
apple:mac_os_x	apple mac os x	eq	10.6.5
apple:mac_os_x_server	apple mac os x server	eq	10.5.8