Design/Logic Flaw

2018-04-0306:29:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

68.3%

JSON

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the “WebKit” component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

CPENameOperatorVersion
icloudlt7.4
iphone_oslt11.3
ituneslt12.7.4
safarilt11.1
watchoslt4.3
ubuntu_linuxeq16.04
ubuntu_linuxeq17.10
debian_linuxeq9.0
enterprise_linux_desktopeq6.0
enterprise_linux_servereq6.0

Name	Operator	Version
icloud	lt	7.4
iphone_os	lt	11.3
itunes	lt	12.7.4
safari	lt	11.1
watchos	lt	4.3
ubuntu_linux	eq	16.04
ubuntu_linux	eq	17.10
debian_linux	eq	9.0
enterprise_linux_desktop	eq	6.0
enterprise_linux_server	eq	6.0