7.8

CVE-2020-3864

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.

Data is provided by the National Vulnerability Database (NVD)
AppleiCloud SwPlatformwindows Version < 7.17
AppleiCloud SwPlatformwindows Version >= 10.0 < 10.9.2
AppleiTunes SwPlatformwindows Version < 12.10.4
AppleSafari Version < 13.0.5
AppleiPadOS Version < 13.3.1
AppleiPhone OS Version < 13.3.1
AppletvOS Version < 13.3.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.172
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

https://support.apple.com/en-us/HT210947
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT210918
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT210920
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT210922
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT210923
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT210948
Vendor Advisory
Release Notes