6.5

CVE-2023-27954

The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleSafari Version < 16.4
AppleiPadOS Version < 15.7.4
AppleiPadOS Version >= 16.0 < 16.4
AppleiPhone OS Version < 15.7.4
AppleiPhone OS Version >= 16.0 < 16.4
ApplemacOS Version >= 13.0 < 13.3
AppletvOS Version < 16.4
ApplewatchOS Version < 9.4
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.93% 0.558
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://support.apple.com/en-us/HT213670
Vendor Advisory
https://support.apple.com/en-us/HT213673
Vendor Advisory
https://support.apple.com/en-us/HT213676
Vendor Advisory
https://support.apple.com/en-us/HT213674
Vendor Advisory
https://support.apple.com/en-us/HT213678
Vendor Advisory
https://support.apple.com/en-us/HT213671
Vendor Advisory