5.3

CVE-2017-2391

An issue was discovered in certain Apple products. Pages before 6.1, Numbers before 4.1, and Keynote before 7.1 on macOS and Pages before 3.1, Numbers before 3.1, and Keynote before 3.1 on iOS are affected. The issue involves the "Export" component. It allows users to bypass iWork PDF password protection by leveraging use of 40-bit RC4.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleKeynote SwPlatformmac_os_x Version <= 7.0.5
AppleNumbers SwPlatformmac_os_x Version <= 4.0.5
ApplePages SwPlatformmac_os_x Version <= 6.0.5
AppleKeynote SwPlatformiphone_os Version <= 3.0.5
AppleNumbers SwPlatformiphone_os Version <= 3.0.5
ApplePages SwPlatformiphone_os Version <= 3.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.96% 0.568
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

http://www.securityfocus.com/bid/97126
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038134
http://www.securitytracker.com/id/1038135
http://www.securitytracker.com/id/1038136
https://support.apple.com/HT207595
Vendor Advisory