Lucene search

[email protected]CVE-2016-1789

HistoryApr 05, 2016 - 5:59 p.m.

CVE-2016-1789

2016-04-0517:59:09

[email protected]

web.nvd.nist.gov

cve-2016-1789

apple

ibooks author

xml

xxe

security issue

nvd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.3%

JSON

Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected configurations

NVD

Node

appleibooks_authorRange≤2.4.0

CPENameOperatorVersion
apple:ibooks_authorapple ibooks authorle2.4.0

CPE	Name	Operator	Version
apple:ibooks_author	apple ibooks author	le	2.4.0

References

lists.apple.com/archives/security-announce/2016/Mar/msg00008.html

support.apple.com/kb/HT206224

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

4.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

61.3%

JSON

Related for CVE-2016-1789

nvd1 prion1 apple2 cvelist1