5.3
CVE-2024-40794
- EPSS 1.18%
- Veröffentlicht 29.07.2024 23:15:12
- Zuletzt bearbeitet 02.04.2026 19:17:45
- Quelle product-security@apple.com
- CVE-Watchlists
- Unerledigt
This issue was addressed through improved state management. This issue is fixed in Safari 17.6, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Private Browsing tabs may be accessed without authentication.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.18% | 0.636 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://seclists.org/fulldisclosure/2024/Jul/18
https://support.apple.com/kb/HT214119
http://seclists.org/fulldisclosure/2024/Jul/16
https://support.apple.com/kb/HT214117
http://seclists.org/fulldisclosure/2024/Jul/15
https://support.apple.com/en-us/HT214119
https://support.apple.com/en-us/HT214117
https://support.apple.com/en-us/HT214121
https://support.apple.com/kb/HT214121
https://support.apple.com/en-us/120911
https://support.apple.com/en-us/120909
https://support.apple.com/en-us/120913
https://lists.debian.org/debian-lts-announce/2024/09/msg00006.html