5.5

CVE-2022-32786

An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.

Data is provided by the National Vulnerability Database (NVD)
ApplemacOS X Version10.15.7 Updatesecurity_update_2020-001
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-001
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-002
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-003
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-004
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-005
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-006
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-007
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-008
ApplemacOS X Version10.15.7 Updatesecurity_update_2022-001
ApplemacOS X Version10.15.7 Updatesecurity_update_2022-002
ApplemacOS X Version10.15.7 Updatesecurity_update_2022-003
ApplemacOS Version < 10.15.7
ApplemacOS Version >= 11.0 < 11.6.8
ApplemacOS Version >= 12.0 < 12.5
ApplemacOS Version10.15.7 Update-
ApplemacOS Version10.15.7 Updatesecurity_update_2022-004
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.13% 0.331
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.