ID

VAR-202010-0196


CVE

CVE-2019-8631


TITLE

plural Apple Logic vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-015875

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. A security flaw in several Apple products stems from the fact that users who are removed from an iMessage session can still change status

Trust: 1.8

sources: NVD: CVE-2019-8631 // JVNDB: JVNDB-2019-015875 // VULHUB: VHN-160066 // VULMON: CVE-2019-8631

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.14.5

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.4

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.3 未満 (ipad air 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.3 未満 (ipod touch 第 6 世代)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:12.3 未満 (apple tv 4k)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.3 未満 (iphone 5s 以降)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:12.3 未満 (apple tv hd)

Trust: 0.8

sources: JVNDB: JVNDB-2019-015875 // NVD: CVE-2019-8631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8631
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015875
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1505
value: HIGH

Trust: 0.6

VULHUB: VHN-160066
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-8631
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-8631
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015875
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-160066
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8631
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015875
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160066 // VULMON: CVE-2019-8631 // JVNDB: JVNDB-2019-015875 // CNNVD: CNNVD-202010-1505 // NVD: CVE-2019-8631

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2019-8631

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1505

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1505

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015875

PATCH

title:HT210118url:https://support.apple.com/en-us/HT210118

Trust: 0.8

title:HT210119url:https://support.apple.com/en-us/HT210119

Trust: 0.8

title:HT210120url:https://support.apple.com/en-us/HT210120

Trust: 0.8

title:HT210118url:https://support.apple.com/ja-jp/HT210118

Trust: 0.8

title:HT210119url:https://support.apple.com/ja-jp/HT210119

Trust: 0.8

title:HT210120url:https://support.apple.com/ja-jp/HT210120

Trust: 0.8

sources: JVNDB: JVNDB-2019-015875

EXTERNAL IDS

db:NVDid:CVE-2019-8631

Trust: 2.6

db:JVNid:JVNVU93988385

Trust: 0.8

db:JVNDBid:JVNDB-2019-015875

Trust: 0.8

db:CNNVDid:CNNVD-202010-1505

Trust: 0.7

db:VULHUBid:VHN-160066

Trust: 0.1

db:VULMONid:CVE-2019-8631

Trust: 0.1

sources: VULHUB: VHN-160066 // VULMON: CVE-2019-8631 // JVNDB: JVNDB-2019-015875 // CNNVD: CNNVD-202010-1505 // NVD: CVE-2019-8631

REFERENCES

url:https://support.apple.com/en-us/ht210118

Trust: 1.8

url:https://support.apple.com/en-us/ht210119

Trust: 1.8

url:https://support.apple.com/en-us/ht210120

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8631

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8631

Trust: 0.8

url:http://jvn.jp/vu/jvnvu93988385/index.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-160066 // VULMON: CVE-2019-8631 // JVNDB: JVNDB-2019-015875 // CNNVD: CNNVD-202010-1505 // NVD: CVE-2019-8631

SOURCES

db:VULHUBid:VHN-160066
db:VULMONid:CVE-2019-8631
db:JVNDBid:JVNDB-2019-015875
db:CNNVDid:CNNVD-202010-1505
db:NVDid:CVE-2019-8631

LAST UPDATE DATE

2024-11-23T20:16:55.634000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-160066date:2020-10-28T00:00:00
db:VULMONid:CVE-2019-8631date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2019-015875date:2021-01-28T05:11:32
db:CNNVDid:CNNVD-202010-1505date:2021-08-16T00:00:00
db:NVDid:CVE-2019-8631date:2024-11-21T04:50:12.213

SOURCES RELEASE DATE

db:VULHUBid:VHN-160066date:2020-10-27T00:00:00
db:VULMONid:CVE-2019-8631date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2019-015875date:2021-01-28T05:11:32
db:CNNVDid:CNNVD-202010-1505date:2020-10-27T00:00:00
db:NVDid:CVE-2019-8631date:2020-10-27T20:15:16.250