5

CVE-2015-3784

EPSS 0.87%
Veröffentlicht 16.08.2015 23:59:56
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle product-security@apple.com
Teams Watchlist Login
Unerledigt Login

Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ macOS X Version <= 10.10.4

Apple ≫ iPhone OS Version <= 8.4

Apple ≫ Numbers Version <= 3.5

Apple ≫ Keynote Version <= 6.5

Apple ≫ Pages Version <= 5.5.3

Apple ≫ Iwork Version <= 2.5.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.87%	0.742

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

Vendor Advisory

https://support.apple.com/kb/HT205031

Vendor Advisory

http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html

Vendor Advisory

https://support.apple.com/kb/HT205030

Vendor Advisory

http://www.securitytracker.com/id/1033275

http://www.securityfocus.com/bid/76343

http://lists.apple.com/archives/security-announce/2015/Oct/msg00000.html

Vendor Advisory

https://support.apple.com/HT205373

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-3784

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-3784

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-3784

EUVD