Lucene search

[email protected]NVD:CVE-2020-9916

HistoryOct 16, 2020 - 5:15 p.m.

CVE-2020-9916

2020-10-1617:15:17

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.003

Percentile

69.0%

JSON

A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL.

Affected configurations

Nvd

Node

appleicloudRange<7.20windows

appleicloudRange11.0–11.3windows

appleitunesRange<12.10.8windows

applesafariRange<13.1.2

appleipadosRange<13.6

appleiphone_osRange<13.6

appletvosRange<13.4.8

applewatchosRange<6.2.8

References

support.apple.com/HT211288

support.apple.com/HT211290

support.apple.com/HT211291

support.apple.com/HT211292

support.apple.com/HT211293

support.apple.com/HT211294

support.apple.com/HT211295

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.003

Percentile

69.0%

JSON

Related for NVD:CVE-2020-9916

prion1 cvelist1 cve1 apple14 kaspersky1