Sign-up

ID

VAR-202004-1997


CVE

CVE-2020-3889


TITLE

macOS Catalina Logic vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2020-003728

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to read arbitrary files. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers. Time Machine is one of the computer backup components. An information disclosure vulnerability exists in the Time Machine component of Apple macOS Catalina prior to 10.15.4

Trust: 1.71

sources: NVD: CVE-2020-3889 // JVNDB: JVNDB-2020-003728 // VULHUB: VHN-182014

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.15.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.3

Trust: 0.8

sources: JVNDB: JVNDB-2020-003728 // NVD: CVE-2020-3889

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3889
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-003728
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202003-1580
value: MEDIUM

Trust: 0.6

VULHUB: VHN-182014
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3889
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-003728
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-182014
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3889
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003728
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-182014 // JVNDB: JVNDB-2020-003728 // CNNVD: CNNVD-202003-1580 // NVD: CVE-2020-3889

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-182014 // JVNDB: JVNDB-2020-003728 // NVD: CVE-2020-3889

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202003-1580

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202003-1580

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-003728

PATCH
title:HT211100url:https://support.apple.com/en-us/HT211100
Trust: 0.8
title:HT211100url:https://support.apple.com/ja-jp/HT211100
Trust: 0.8
title:Apple macOS Catalina Time Machine Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=112991
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-003728 // 
            
            
            
            CNNVD: CNNVD-202003-1580

EXTERNAL IDS
db:NVDid:CVE-2020-3889
Trust: 2.5
db:JVNid:JVNVU96545608
Trust: 0.8
db:JVNDBid:JVNDB-2020-003728
Trust: 0.8
db:CNNVDid:CNNVD-202003-1580
Trust: 0.7
db:VULHUBid:VHN-182014
Trust: 0.1
sources:
            
            
            VULHUB: VHN-182014 // 
            
            
            
            JVNDB: JVNDB-2020-003728 // 
            
            
            
            CNNVD: CNNVD-202003-1580 // 
            
            
            
            NVD: CVE-2020-3889

REFERENCES
url:https://support.apple.com/ht211100
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-3889
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3889
Trust: 0.8
url:http://jvn.jp/vu/jvnvu96545608/index.html
Trust: 0.8
url:https://support.apple.com/en-us/ht211100
Trust: 0.6
sources:
            
            
            VULHUB: VHN-182014 // 
            
            
            
            JVNDB: JVNDB-2020-003728 // 
            
            
            
            CNNVD: CNNVD-202003-1580 // 
            
            
            
            NVD: CVE-2020-3889

SOURCES
db:VULHUBid:VHN-182014
db:JVNDBid:JVNDB-2020-003728
db:CNNVDid:CNNVD-202003-1580
db:NVDid:CVE-2020-3889

LAST UPDATE DATE
2024-11-23T19:53:21.079000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-182014date:2021-07-21T00:00:00
db:JVNDBid:JVNDB-2020-003728date:2020-04-23T00:00:00
db:CNNVDid:CNNVD-202003-1580date:2021-10-29T00:00:00
db:NVDid:CVE-2020-3889date:2024-11-21T05:31:54.247

SOURCES RELEASE DATE
db:VULHUBid:VHN-182014date:2020-04-01T00:00:00
db:JVNDBid:JVNDB-2020-003728date:2020-04-23T00:00:00
db:CNNVDid:CNNVD-202003-1580date:2020-03-25T00:00:00
db:NVDid:CVE-2020-3889date:2020-04-01T18:15:16.007