CVE-2021-30912

EPSS 0.18%
Published 24.08.2021 19:15:19
Last modified 21.11.2024 06:04:57
Source product-security@apple.com
Teams watchlist Login
Open Login

The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may gain access to a user's Keychain items.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ macOS X Version < 10.15.7

Apple ≫ macOS X Version10.15.7 Update-

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-002

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-003

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-004

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-005

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-006

Apple ≫ macOS X Version10.15.7 Updatesupplemental_update

Apple ≫ macOS Version >= 11.0 < 11.6.1

Apple ≫ macOS Version12.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.362

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-281 Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

https://support.apple.com/en-us/HT212869

https://support.apple.com/en-us/HT212872

https://support.apple.com/en-us/HT212871

https://nvd.nist.gov/vuln/detail/CVE-2021-30912

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-30912

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-30912

EUVD