Sign-up

ID

VAR-202010-0196


CVE

CVE-2019-8631


TITLE

plural Apple Logic vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-015875

DESCRIPTION

A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. A security flaw in several Apple products stems from the fact that users who are removed from an iMessage session can still change status

Trust: 1.8

sources: NVD: CVE-2019-8631 // JVNDB: JVNDB-2019-015875 // VULHUB: VHN-160066 // VULMON: CVE-2019-8631

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.14.5

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.4

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.3 未満 (ipad air 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.3 未満 (ipod touch 第 6 世代)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:12.3 未満 (apple tv 4k)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.3 未満 (iphone 5s 以降)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:12.3 未満 (apple tv hd)

Trust: 0.8

sources: JVNDB: JVNDB-2019-015875 // NVD: CVE-2019-8631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8631
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015875
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1505
value: HIGH

Trust: 0.6

VULHUB: VHN-160066
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-8631
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-8631
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015875
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-160066
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8631
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015875
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160066 // VULMON: CVE-2019-8631 // JVNDB: JVNDB-2019-015875 // CNNVD: CNNVD-202010-1505 // NVD: CVE-2019-8631

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2019-8631

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1505

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1505

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015875

PATCH
title:HT210118url:https://support.apple.com/en-us/HT210118
Trust: 0.8
title:HT210119url:https://support.apple.com/en-us/HT210119
Trust: 0.8
title:HT210120url:https://support.apple.com/en-us/HT210120
Trust: 0.8
title:HT210118url:https://support.apple.com/ja-jp/HT210118
Trust: 0.8
title:HT210119url:https://support.apple.com/ja-jp/HT210119
Trust: 0.8
title:HT210120url:https://support.apple.com/ja-jp/HT210120
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-015875

EXTERNAL IDS
db:NVDid:CVE-2019-8631
Trust: 2.6
db:JVNid:JVNVU93988385
Trust: 0.8
db:JVNDBid:JVNDB-2019-015875
Trust: 0.8
db:CNNVDid:CNNVD-202010-1505
Trust: 0.7
db:VULHUBid:VHN-160066
Trust: 0.1
db:VULMONid:CVE-2019-8631
Trust: 0.1
sources:
            
            
            VULHUB: VHN-160066 // 
            
            
            
            VULMON: CVE-2019-8631 // 
            
            
            
            JVNDB: JVNDB-2019-015875 // 
            
            
            
            CNNVD: CNNVD-202010-1505 // 
            
            
            
            NVD: CVE-2019-8631

REFERENCES
url:https://support.apple.com/en-us/ht210118
Trust: 1.8
url:https://support.apple.com/en-us/ht210119
Trust: 1.8
url:https://support.apple.com/en-us/ht210120
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8631
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8631
Trust: 0.8
url:http://jvn.jp/vu/jvnvu93988385/index.html
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-160066 // 
            
            
            
            VULMON: CVE-2019-8631 // 
            
            
            
            JVNDB: JVNDB-2019-015875 // 
            
            
            
            CNNVD: CNNVD-202010-1505 // 
            
            
            
            NVD: CVE-2019-8631

SOURCES
db:VULHUBid:VHN-160066
db:VULMONid:CVE-2019-8631
db:JVNDBid:JVNDB-2019-015875
db:CNNVDid:CNNVD-202010-1505
db:NVDid:CVE-2019-8631

LAST UPDATE DATE
2024-11-23T20:16:55.634000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-160066date:2020-10-28T00:00:00
db:VULMONid:CVE-2019-8631date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2019-015875date:2021-01-28T05:11:32
db:CNNVDid:CNNVD-202010-1505date:2021-08-16T00:00:00
db:NVDid:CVE-2019-8631date:2024-11-21T04:50:12.213

SOURCES RELEASE DATE
db:VULHUBid:VHN-160066date:2020-10-27T00:00:00
db:VULMONid:CVE-2019-8631date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2019-015875date:2021-01-28T05:11:32
db:CNNVDid:CNNVD-202010-1505date:2020-10-27T00:00:00
db:NVDid:CVE-2019-8631date:2020-10-27T20:15:16.250