5.5

CVE-2020-9934

Warnung
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleiPadOS Version < 13.6
AppleiPhone OS Version < 13.6
ApplemacOS X Version < 10.15.6

08.09.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple iOS, iPadOS, and macOS Input Validation Vulnerability

Schwachstelle

Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.21% 0.865
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://support.apple.com/HT211289
Vendor Advisory
Release Notes
https://support.apple.com/HT211288
Vendor Advisory
Release Notes
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934
US Government Resource