Sign-up

ID

VAR-202010-0145


CVE

CVE-2019-8837


TITLE

macOS Logic vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015879

DESCRIPTION

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A malicious application may be able to access restricted files. macOS Exists in a logic vulnerability due to a flaw in the processing of restrictions.Restricted files can be accessed through malicious applications. A security vulnerability exists in the ATS component of Apple macOS Catalina versions prior to 10.15.2. An attacker could exploit this vulnerability to execute arbitrary code with system privileges. Apple macOS could allow a remote malicious user to execute arbitrary code on the system, caused by a memory corruption flaw in the ATS component

Trust: 1.8

sources: NVD: CVE-2019-8837 // JVNDB: JVNDB-2019-015879 // VULHUB: VHN-160272 // VULMON: CVE-2019-8837

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.15.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.15

Trust: 0.8

sources: JVNDB: JVNDB-2019-015879 // NVD: CVE-2019-8837

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8837
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015879
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201912-489
value: HIGH

Trust: 0.6

VULHUB: VHN-160272
value: HIGH

Trust: 0.1

VULMON: CVE-2019-8837
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-8837
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015879
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-160272
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8837
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015879
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160272 // VULMON: CVE-2019-8837 // JVNDB: JVNDB-2019-015879 // CNNVD: CNNVD-201912-489 // NVD: CVE-2019-8837

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-119

Trust: 0.9

sources: VULHUB: VHN-160272 // JVNDB: JVNDB-2019-015879 // NVD: CVE-2019-8837

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201912-489

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201912-489

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015879

PATCH
title:HT210788url:https://support.apple.com/en-us/HT210788
Trust: 0.8
title:HT210788url:https://support.apple.com/ja-jp/HT210788
Trust: 0.8
title:Apple macOS Catalina ATS Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105887
Trust: 0.6
title:Apple: macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierraurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=08bd56f44c2e4cba8f5786d79b2ebe2d
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-8837 // 
            
            
            
            JVNDB: JVNDB-2019-015879 // 
            
            
            
            CNNVD: CNNVD-201912-489

EXTERNAL IDS
db:NVDid:CVE-2019-8837
Trust: 2.6
db:JVNid:JVNVU99404393
Trust: 0.8
db:JVNDBid:JVNDB-2019-015879
Trust: 0.8
db:CNNVDid:CNNVD-201912-489
Trust: 0.7
db:AUSCERTid:ESB-2019.4632
Trust: 0.6
db:VULHUBid:VHN-160272
Trust: 0.1
db:VULMONid:CVE-2019-8837
Trust: 0.1
sources:
            
            
            VULHUB: VHN-160272 // 
            
            
            
            VULMON: CVE-2019-8837 // 
            
            
            
            JVNDB: JVNDB-2019-015879 // 
            
            
            
            CNNVD: CNNVD-201912-489 // 
            
            
            
            NVD: CVE-2019-8837

REFERENCES
url:https://support.apple.com/en-us/ht210788
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8837
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8837
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99404393/index.html
Trust: 0.8
url:https://support.apple.com/kb/ht201222
Trust: 0.6
url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-31121
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.4632/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/172907
Trust: 0.1
sources:
            
            
            VULHUB: VHN-160272 // 
            
            
            
            VULMON: CVE-2019-8837 // 
            
            
            
            JVNDB: JVNDB-2019-015879 // 
            
            
            
            CNNVD: CNNVD-201912-489 // 
            
            
            
            NVD: CVE-2019-8837

SOURCES
db:VULHUBid:VHN-160272
db:VULMONid:CVE-2019-8837
db:JVNDBid:JVNDB-2019-015879
db:CNNVDid:CNNVD-201912-489
db:NVDid:CVE-2019-8837

LAST UPDATE DATE
2024-11-23T21:22:20.966000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-160272date:2020-10-28T00:00:00
db:VULMONid:CVE-2019-8837date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2019-015879date:2021-01-28T05:11:39
db:CNNVDid:CNNVD-201912-489date:2021-08-16T00:00:00
db:NVDid:CVE-2019-8837date:2024-11-21T04:50:34.400

SOURCES RELEASE DATE
db:VULHUBid:VHN-160272date:2020-10-27T00:00:00
db:VULMONid:CVE-2019-8837date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2019-015879date:2021-01-28T05:11:39
db:CNNVDid:CNNVD-201912-489date:2019-12-11T00:00:00
db:NVDid:CVE-2019-8837date:2020-10-27T20:15:20.813