Lucene search

AppleCVE-2020-9982

HistoryOct 27, 2020 - 9:15 p.m.

CVE-2020-9982

2020-10-2721:15:16

apple

web.nvd.nist.gov

cve

2020

9982

apple music

android

unauthorized actions

security

credential leak

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

29.0%

JSON

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Apple Music 3.4.0 for Android. A malicious application may be able to leak a user’s credentials.

Affected configurations

Nvd

Vulners

Node

applemusicMatch3.4.0android

VendorProductVersionCPE
applemusic3.4.0cpe:2.3:a:apple:music:3.4.0:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
apple	music	3.4.0	cpe:2.3:a:apple:music:3.4.0:::::android::

CNA Affected

[
  {
    "product": "Apple Music for Android",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "3.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

support.apple.com/en-us/HT211898

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

4.2

Confidence

High

EPSS

0.001

Percentile

29.0%

JSON

Related for CVE-2020-9982