Lucene search

[email protected]CVE-2015-1146

HistoryApr 10, 2015 - 2:59 p.m.

CVE-2015-1146

2015-04-1014:59:00

CWE-310

[email protected]

web.nvd.nist.gov

cve-2015-1146

code signing

apple os x

security flaw

access restrictions

5.8 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145.

CPENameOperatorVersion
apple:mac_os_xapple mac os xlt10.10.3

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	lt	10.10.3

References

lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

www.securityfocus.com/bid/73982

www.securitytracker.com/id/1032048

support.apple.com/HT204659

5.8 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2015-1146

prion2 cve1 kaspersky1 openvas1 nessus2 securityvulns2