6.5

CVE-2020-9849

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.

Data is provided by the National Vulnerability Database (NVD)
AppleiCloud SwPlatformwindows Version < 11.5
AppleiTunes SwPlatformwindows Version >= 12.0.0 < 12.10.9
AppleiPadOS Version < 14.0
ApplemacOS Version < 11.0.1
AppletvOS Version < 14.0
ApplewatchOS Version < 7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.07% 0.768
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://seclists.org/fulldisclosure/2020/Dec/32
Third Party Advisory
Mailing List
https://support.apple.com/en-us/HT211850
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT211843
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT211931
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT211935
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT211844
Vendor Advisory
Release Notes
https://support.apple.com/en-us/HT211952
Vendor Advisory
Release Notes