Lucene search

[email protected]NVD:CVE-2022-46695

HistoryDec 15, 2022 - 7:15 p.m.

CVE-2022-46695

2022-12-1519:15:26

CWE-1021

[email protected]

web.nvd.nist.gov

spoofing

input validation

tvos

macos ventura

ios

ipados

watchos

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.004 Low

EPSS

Percentile

72.8%

JSON

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing.

Affected configurations

NVD

Node

appleipadosRange<15.7.2

appleipadosRange16.0–16.2

appleiphone_osRange<15.7.2

appleiphone_osRange16.0–16.2

applemacosRange<13.1

appletvosRange<16.2

applewatchosRange<9.2

References

seclists.org/fulldisclosure/2022/Dec/20

seclists.org/fulldisclosure/2022/Dec/21

seclists.org/fulldisclosure/2022/Dec/23

seclists.org/fulldisclosure/2022/Dec/26

seclists.org/fulldisclosure/2022/Dec/27

support.apple.com/en-us/HT213530

support.apple.com/en-us/HT213531

support.apple.com/en-us/HT213532

support.apple.com/en-us/HT213535

support.apple.com/en-us/HT213536

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

0.004 Low

EPSS

Percentile

72.8%

JSON

Related for NVD:CVE-2022-46695

cvelist1 prion1 cve1 apple5 nessus2 openvas1