Lucene search

[email protected]CVE-2019-8690

HistoryDec 18, 2019 - 6:15 p.m.

CVE-2019-8690

2019-12-1818:15:00

CWE-79

[email protected]

web.nvd.nist.gov

198

cve-2019-8690

logic issue

document loads

ios

macos

tvos

security

update

cross site scripting

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.016 Low

EPSS

Percentile

87.3%

JSON

A logic issue existed in the handling of document loads. This issue was addressed with improved state management. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to universal cross site scripting.

CPENameOperatorVersion
apple:mac_os_xapple mac os xlt10.14.6
apple:safariapple safarilt12.1.2
apple:tvosapple tvoslt12.4
apple:iphone_osapple iphone oslt12.4
apple:icloudapple icloudlt7.13
apple:itunesapple ituneslt12.9.6
apple:icloudapple icloudlt10.6

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	lt	10.14.6
apple:safari	apple safari	lt	12.1.2
apple:tvos	apple tvos	lt	12.4
apple:iphone_os	apple iphone os	lt	12.4
apple:icloud	apple icloud	lt	7.13
apple:itunes	apple itunes	lt	12.9.6
apple:icloud	apple icloud	lt	10.6