Lucene search

[email protected]CVE-2018-4435

HistoryApr 03, 2019 - 6:29 p.m.

CVE-2018-4435

2019-04-0318:29:15

CWE-20

[email protected]

web.nvd.nist.gov

cve-2018-4435

logic issue

ios security

macos security

tvos security

watchos security

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.0%

JSON

A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.

Affected configurations

Vulners

NVD

Node

n\/aios\,_macos\,_tvos\,_watchosRange≤12.1.1

n\/aios\,_macos\,_tvos\,_watchosRange≤10.14.2

n\/aios\,_macos\,_tvos\,_watchosRange≤12.1.1

n\/aios\,_macos\,_tvos\,_watchosRange≤5.1.2

CPENameOperatorVersion
apple:iphone_osapple iphone oslt12.1.1
apple:mac_os_xapple mac os xlt10.14.2
apple:tvosapple tvoslt12.1.1
apple:watchosapple watchoslt5.1.2

CPE	Name	Operator	Version
apple:iphone_os	apple iphone os	lt	12.1.1
apple:mac_os_x	apple mac os x	lt	10.14.2
apple:tvos	apple tvos	lt	12.1.1
apple:watchos	apple watchos	lt	5.1.2

CNA Affected

[
  {
    "product": "iOS, macOS, tvOS, watchOS",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Versions prior to: iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2"
      }
    ]
  }
]