Sign-up

ID

VAR-201904-1443


CVE

CVE-2018-4389


TITLE

plural Apple Updates to product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2018-008908

DESCRIPTION

An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: Detail is Apple See the information provided by. * HTTP Through the client AFP Server attack * Arbitrary code execution * information leak * Buffer overflow * Privilege escalation * Service operation interruption (DoS) * File system tampering * UI Spoofing * Limit avoidance * Cross-site scripting * Address bar impersonation. Apple macOS Mojave is a set of dedicated operating systems developed by Apple for Mac computers. Mail is one of the email components. An input validation error vulnerability exists in the Mail component in Apple macOS Mojave prior to 10.14.1. The vulnerability stems from the failure of the network system or product to properly validate the input data

Trust: 2.52

sources: NVD: CVE-2018-4389 // JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014959 // VULHUB: VHN-134420 // VULMON: CVE-2018-4389

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.14.1

Trust: 1.0

vendor:applemodel:icloudscope:ltversion:for windows 7.8 earlier

Trust: 0.8

vendor:applemodel:iosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:itunesscope:ltversion:12.9.1 earlier

Trust: 0.8

vendor:applemodel:macos high sierrascope:eqversion:(security update 2018-001 not applied )

Trust: 0.8

vendor:applemodel:macos mojavescope:ltversion:10.14.1 earlier

Trust: 0.8

vendor:applemodel:macos sierrascope:eqversion:(security update 2018-005 not applied )

Trust: 0.8

vendor:applemodel:safariscope:ltversion:12.0.1 earlier

Trust: 0.8

vendor:applemodel:tvosscope:ltversion:12.1 earlier

Trust: 0.8

vendor:applemodel:watchosscope:ltversion:5.1 earlier

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.14

Trust: 0.8

sources: JVNDB: JVNDB-2018-008908 // JVNDB: JVNDB-2018-014959 // NVD: CVE-2018-4389

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-4389
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-4389
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-1495
value: MEDIUM

Trust: 0.6

VULHUB: VHN-134420
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-4389
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-4389
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-134420
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-4389
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-134420 // VULMON: CVE-2018-4389 // JVNDB: JVNDB-2018-014959 // CNNVD: CNNVD-201810-1495 // NVD: CVE-2018-4389

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-134420 // JVNDB: JVNDB-2018-014959 // NVD: CVE-2018-4389

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-1495

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201810-1495

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-008908

PATCH
title:About the security content of macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierraurl:https://support.apple.com/en-us/HT209193
Trust: 1.6
title:About the security content of iTunes 12.9.1url:https://support.apple.com/en-us/HT209197
Trust: 0.8
title: About the security content of iCloud for Windows 7.8 url:https://support.apple.com/en-us/HT209198
Trust: 0.8
title:About the security content of Safari 12.0.1url:https://support.apple.com/en-us/HT209196
Trust: 0.8
title: About the security content of tvOS 12.1url:https://support.apple.com/en-us/HT209194
Trust: 0.8
title: About the security content of iOS 12.1url:https://support.apple.com/en-us/HT209192
Trust: 0.8
title: About the security content of watchOS 5.1url:https://support.apple.com/en-us/HT209195
Trust: 0.8
title:HT209193url:https://support.apple.com/ja-jp/HT209193
Trust: 0.8
title:Apple macOS Mojave Mail Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86473
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-014959 // 
            
            
            
            CNNVD: CNNVD-201810-1495

EXTERNAL IDS
db:NVDid:CVE-2018-4389
Trust: 2.6
db:JVNid:JVNVU96365720
Trust: 1.6
db:JVNDBid:JVNDB-2018-008908
Trust: 0.8
db:JVNDBid:JVNDB-2018-014959
Trust: 0.8
db:CNNVDid:CNNVD-201810-1495
Trust: 0.7
db:VULHUBid:VHN-134420
Trust: 0.1
db:VULMONid:CVE-2018-4389
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134420 // 
            
            
            
            VULMON: CVE-2018-4389 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-014959 // 
            
            
            
            CNNVD: CNNVD-201810-1495 // 
            
            
            
            NVD: CVE-2018-4389

REFERENCES
url:https://support.apple.com/kb/ht209193
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-4389
Trust: 1.4
url:https://jvn.jp/vu/jvnvu96365720/
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-4389
Trust: 0.8
url:https://jvn.jp/vu/jvnvu96365720/index.html
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://seclists.org/fulldisclosure/2018/nov/10
Trust: 0.1
sources:
            
            
            VULHUB: VHN-134420 // 
            
            
            
            VULMON: CVE-2018-4389 // 
            
            
            
            JVNDB: JVNDB-2018-008908 // 
            
            
            
            JVNDB: JVNDB-2018-014959 // 
            
            
            
            CNNVD: CNNVD-201810-1495 // 
            
            
            
            NVD: CVE-2018-4389

CREDITS
Theodor Ragnar Gislason of Syndis,Dropbox Offensive Security Team
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201810-1495

SOURCES
db:VULHUBid:VHN-134420
db:VULMONid:CVE-2018-4389
db:JVNDBid:JVNDB-2018-008908
db:JVNDBid:JVNDB-2018-014959
db:CNNVDid:CNNVD-201810-1495
db:NVDid:CVE-2018-4389

LAST UPDATE DATE
2024-11-23T21:25:10.135000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-134420date:2019-04-05T00:00:00
db:VULMONid:CVE-2018-4389date:2019-04-05T00:00:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-014959date:2019-04-18T00:00:00
db:CNNVDid:CNNVD-201810-1495date:2019-04-10T00:00:00
db:NVDid:CVE-2018-4389date:2024-11-21T04:07:19.087

SOURCES RELEASE DATE
db:VULHUBid:VHN-134420date:2019-04-03T00:00:00
db:VULMONid:CVE-2018-4389date:2019-04-03T00:00:00
db:JVNDBid:JVNDB-2018-008908date:2018-11-01T00:00:00
db:JVNDBid:JVNDB-2018-014959date:2019-04-18T00:00:00
db:CNNVDid:CNNVD-201810-1495date:2018-10-31T00:00:00
db:NVDid:CVE-2018-4389date:2019-04-03T18:29:12.533