Lucene search

K

[email protected]NVD:CVE-2022-46705

HistoryFeb 27, 2023 - 8:15 p.m.

CVE-2022-46705

2023-02-2720:15:12

[email protected]

web.nvd.nist.gov

2

spoofing

urls

input validation

ios

ipados

macos ventura

safari

malicious website

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.

Affected configurations

NVD

Node

applesafariRange<16.2

OR

appleipadosRange<15.7.2

OR

appleipadosRange16.0–16.2

OR

appleiphone_osRange<15.7.2

OR

appleiphone_osRange16.0–16.2

OR

applemacosRange<13.1

OR

appletvosRange<16.2

OR

applewatchosRange<9.2

References

www.openwall.com/lists/oss-security/2023/11/15/1

support.apple.com/en-us/HT213530

support.apple.com/en-us/HT213532

support.apple.com/en-us/HT213537

support.apple.com/kb/HT213531

support.apple.com/kb/HT213535

support.apple.com/kb/HT213536

support.apple.com/kb/HT213676

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.9 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.8%

Related for NVD:CVE-2022-46705

cvelist1 debiancve1 redhatcve1 ubuntucve1 cve1 prion1 osv2 openvas7 nessus10 apple7 amazon1 redhat2