6.4
CVE-2013-3667
- EPSS 0.45%
- Veröffentlicht 31.12.2013 20:55:15
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation, which allows attackers to perform "tampering or corruption" of the updates.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Barebones ≫ Textwrangler Version <= 4.5.2
Barebones ≫ Textwrangler Version2.3
Barebones ≫ Textwrangler Version3.0
Barebones ≫ Textwrangler Version3.1
Barebones ≫ Textwrangler Version3.5
Barebones ≫ Textwrangler Version3.5.1
Barebones ≫ Textwrangler Version3.5.3
Barebones ≫ Textwrangler Version4.0
Barebones ≫ Textwrangler Version4.0.1
Barebones ≫ Textwrangler Version4.5
Barebones ≫ Textwrangler Version4.5.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.609 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 10 | 4.9 |
AV:N/AC:L/Au:N/C:N/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.