Lucene search

K
cveAppleCVE-2019-8704
HistoryDec 18, 2019 - 6:15 p.m.

CVE-2019-8704

2019-12-1818:15:35
CWE-287
apple
web.nvd.nist.gov
53
authentication issue
state management
tvos 13
local user
sensitive information
nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6

Confidence

Low

EPSS

0

Percentile

5.1%

An authentication issue was addressed with improved state management. This issue is fixed in tvOS 13. A local user may be able to leak sensitive user information.

Affected configurations

Nvd
Vulners
Node
appleiphone_osRange<13.0
OR
appletvosRange<13
VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appletvos*cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "tvOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "tvOS 13",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6

Confidence

Low

EPSS

0

Percentile

5.1%

Related for CVE-2019-8704