CVE-2023-27932

EPSS 0.01%
Published 08.05.2023 20:15:17
Last modified 29.01.2025 21:15:15
Source product-security@apple.com
Teams watchlist Login
Open Login

This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ Safari Version < 16.4

Apple ≫ iPadOS Version < 16.4

Apple ≫ iPhone OS Version < 16.4

Apple ≫ macOS Version < 13.3

Apple ≫ tvOS Version < 16.4

Apple ≫ watchOS Version < 9.4

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.003

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

https://support.apple.com/en-us/HT213670

Vendor Advisory

https://support.apple.com/en-us/HT213676

Vendor Advisory

https://support.apple.com/en-us/HT213674

Vendor Advisory

https://support.apple.com/en-us/HT213678

Vendor Advisory

https://support.apple.com/en-us/HT213671

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-27932

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-27932

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-27932

EUVD