Lucene search
HistorySep 18, 2015 - 12:00 p.m.
CVE-2015-5920
cve-2015-5920
apple
itunes
software update
man-in-the-middle
smb credentials
nvd
5.8 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
42.7%
The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apple:itunes | apple itunes | le | 12.2 |
Related
prion
prion
Design/Logic Flaw
2015-09-18 12:00:00
openvas
openvas
Apple iTunes Multiple Vulnerabilities (Sep 2015) - Windows
2015-10-01 00:00:00
nessus
nessus
Apple iTunes < 12.3 Multiple Vulnerabilities (credentialed check)
2015-09-18 00:00:00
Apple iTunes < 12.3 Multiple Vulnerabilities (uncredentialed check)
2015-10-26 00:00:00
iTunes for Windows < 12.3 Multiple Vulnerabilities
2015-10-23 00:00:00
securityvulns
securityvulns
APPLE-SA-2015-09-16-3 iTunes 12.3
2015-10-05 00:00:00
Apple iTunes multiple security vulnerabilities
2015-10-25 00:00:00
kaspersky
kaspersky
KLA10669 Multiple vulnerabilities in Apple iTunes
2015-09-16 00:00:00
5.8 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
42.7%
Related for CVE-2015-5920