Sign-up

ID

VAR-201904-1338


CVE

CVE-2018-4470


TITLE

macOS High Sierra Privacy vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-014849

DESCRIPTION

A privacy issue in the handling of Open Directory records was addressed with improved indexing. This issue affected versions prior to macOS High Sierra 10.13.6. macOS High Sierra Is Open Directory A privacy vulnerability exists because of a flaw in the processing of record indexes.Information may be obtained. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. Accounts is one of the user account components. This vulnerability is due to the lack of security measures such as authentication, access control, and rights management in network systems or products

Trust: 1.71

sources: NVD: CVE-2018-4470 // JVNDB: JVNDB-2018-014849 // VULHUB: VHN-134501

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.13.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.13.5

Trust: 0.8

sources: JVNDB: JVNDB-2018-014849 // NVD: CVE-2018-4470

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4470
value: LOW

Trust: 1.0

NVD: CVE-2018-4470
value: LOW

Trust: 0.8

CNNVD: CNNVD-201904-149
value: LOW

Trust: 0.6

VULHUB: VHN-134501
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4470
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-134501
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4470
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134501 // JVNDB: JVNDB-2018-014849 // CNNVD: CNNVD-201904-149 // NVD: CVE-2018-4470

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-254

Trust: 0.9

sources: VULHUB: VHN-134501 // JVNDB: JVNDB-2018-014849 // NVD: CVE-2018-4470

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201904-149

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201904-149

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-014849

PATCH
title:HT208937url:https://support.apple.com/en-us/HT208937
Trust: 0.8
title:HT208937url:https://support.apple.com/ja-jp/HT208937
Trust: 0.8
title:Apple macOS High Sierra Accounts Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=91072
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-014849 // 
            
            
            
            CNNVD: CNNVD-201904-149

EXTERNAL IDS
db:NVDid:CVE-2018-4470
Trust: 2.5
db:JVNid:JVNVU93082496
Trust: 0.8
db:JVNDBid:JVNDB-2018-014849
Trust: 0.8
db:CNNVDid:CNNVD-201904-149
Trust: 0.7
db:VULHUBid:VHN-134501
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134501 // 
            
            
            
            JVNDB: JVNDB-2018-014849 // 
            
            
            
            CNNVD: CNNVD-201904-149 // 
            
            
            
            NVD: CVE-2018-4470

REFERENCES
url:https://support.apple.com/kb/ht208937
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-4470
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4470
Trust: 0.8
url:https://jvn.jp/vu/jvnvu93082496/index.html
Trust: 0.8
sources:
            
            
            VULHUB: VHN-134501 // 
            
            
            
            JVNDB: JVNDB-2018-014849 // 
            
            
            
            CNNVD: CNNVD-201904-149 // 
            
            
            
            NVD: CVE-2018-4470

SOURCES
db:VULHUBid:VHN-134501
db:JVNDBid:JVNDB-2018-014849
db:CNNVDid:CNNVD-201904-149
db:NVDid:CVE-2018-4470

LAST UPDATE DATE
2024-11-23T19:43:27.738000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134501date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2018-014849date:2019-04-17T00:00:00
db:CNNVDid:CNNVD-201904-149date:2020-08-25T00:00:00
db:NVDid:CVE-2018-4470date:2024-11-21T04:07:27.407

SOURCES RELEASE DATE
db:VULHUBid:VHN-134501date:2019-04-03T00:00:00
db:JVNDBid:JVNDB-2018-014849date:2019-04-17T00:00:00
db:CNNVDid:CNNVD-201904-149date:2019-04-03T00:00:00
db:NVDid:CVE-2018-4470date:2019-04-03T18:29:17.470