CVE-2020-9934

Warnung

EPSS 2.81%
Veröffentlicht 16.10.2020 17:15:17
Zuletzt bearbeitet 23.10.2025 18:04:37
Quelle product-security@apple.com
CVE-Watchlists
Login
Unerledigt
Login

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ iPadOS Version < 13.6

Apple ≫ iPhone OS Version < 13.6

Apple ≫ macOS X Version < 10.15.6

08.09.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple iOS, iPadOS, and macOS Input Validation Vulnerability

Schwachstelle

Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.81%	0.857

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

https://support.apple.com/HT211289

Vendor Advisory

Release Notes

https://support.apple.com/HT211288

Vendor Advisory

Release Notes

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-9934

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-9934

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-9934

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-9934

EUVD