7.2

CVE-2010-0498

Directory Services in Apple Mac OS X before 10.6.3 does not properly perform authorization during processing of record names, which allows local users to gain privileges via unspecified vectors.

Data is provided by the National Vulnerability Database (NVD)
ApplemacOS X Version <= 10.6.2
ApplemacOS X Version10.5
ApplemacOS X Version10.5.0
ApplemacOS X Version10.5.1
ApplemacOS X Version10.5.2
ApplemacOS X Version10.5.3
ApplemacOS X Version10.5.4
ApplemacOS X Version10.5.5
ApplemacOS X Version10.5.6
ApplemacOS X Version10.5.7
ApplemacOS X Version10.5.8
ApplemacOS X Version10.6.0
ApplemacOS X Version10.6.1
ApplemacOS X Server Version <= 10.6.2
ApplemacOS X Server Version10.5
ApplemacOS X Server Version10.5.0
ApplemacOS X Server Version10.5.1
ApplemacOS X Server Version10.5.2
ApplemacOS X Server Version10.5.3
ApplemacOS X Server Version10.5.4
ApplemacOS X Server Version10.5.5
ApplemacOS X Server Version10.5.6
ApplemacOS X Server Version10.5.7
ApplemacOS X Server Version10.5.8
ApplemacOS X Server Version10.6.0
ApplemacOS X Server Version10.6.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.04% 0.095
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://support.apple.com/kb/HT4077
Patch
Vendor Advisory