CVE-2019-8803

EPSS 0.16%
Veröffentlicht 18.12.2019 18:15:42
Zuletzt bearbeitet 21.11.2024 04:50:30
Quelle product-security@apple.com
Teams Watchlist Login
Unerledigt Login

An authentication issue was addressed with improved state management. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. A local attacker may be able to login to the account of a previously logged in user without valid credentials..

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ iPadOS Version < 13.2

Apple ≫ iPhone OS Version < 13.2

Apple ≫ macOS X Version < 10.15.1

Apple ≫ tvOS Version < 13.2

Apple ≫ watchOS Version < 6.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.334

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-613 Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

https://support.apple.com/HT210724

Vendor Advisory

https://support.apple.com/HT210721

Vendor Advisory

https://support.apple.com/HT210723

Vendor Advisory

https://support.apple.com/HT210722

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-8803

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-8803

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-8803

EUVD