Details of VAR-202010-0197

ID

VAR-202010-0197

CVE

CVE-2019-8633

TITLE

plural Apple Product validation vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-015876

DESCRIPTION

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory. plural Apple The product contains a validation vulnerability due to a flawed input sanitization process.Limited memory can be read through the application. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple macOS High Sierra is a dedicated operating system developed for Mac computers. tvOS is a smart TV operating system

Trust: 1.8

sources: NVD: CVE-2019-8633 // JVNDB: JVNDB-2019-015876 // VULHUB: VHN-160068 // VULMON: CVE-2019-8633

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lt	version:	10.14.5	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	12.3	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	12.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.13.6	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	5.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.4	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	12.3 未満 (ipad air 以降)	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.13.6	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	12.3 未満 (ipod touch 第 6 世代)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	eq	version:	12.3 未満 (apple tv 4k)	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	12.3 未満 (iphone 5s 以降)	Trust: 0.8
vendor:	apple	model:	tvos	scope:	eq	version:	12.3 未満 (apple tv hd)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	eq	version:	5.3 未満 (apple watch series 1 以降)	Trust: 0.8

sources: JVNDB: JVNDB-2019-015876 // NVD: CVE-2019-8633

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-8633
value:	HIGH
Trust: 1.0
NVD:	JVNDB-2019-015876
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-1504
value:	HIGH
Trust: 0.6
VULHUB:	VHN-160068
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2019-8633
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-8633
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2019-015876
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-160068
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-8633
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	JVNDB-2019-015876
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-160068 // VULMON: CVE-2019-8633 // JVNDB: JVNDB-2019-015876 // CNNVD: CNNVD-202010-1504 // NVD: CVE-2019-8633

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-160068 // JVNDB: JVNDB-2019-015876 // NVD: CVE-2019-8633

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1504

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1504

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015876

PATCH

title:	HT210118	url:	https://support.apple.com/en-us/HT210118	Trust: 0.8
title:	HT210119	url:	https://support.apple.com/en-us/HT210119	Trust: 0.8
title:	HT210120	url:	https://support.apple.com/en-us/HT210120	Trust: 0.8
title:	HT210353	url:	https://support.apple.com/en-us/HT210353	Trust: 0.8
title:	HT210118	url:	https://support.apple.com/ja-jp/HT210118	Trust: 0.8
title:	HT210119	url:	https://support.apple.com/ja-jp/HT210119	Trust: 0.8
title:	HT210120	url:	https://support.apple.com/ja-jp/HT210120	Trust: 0.8
title:	HT210353	url:	https://support.apple.com/ja-jp/HT210353	Trust: 0.8
title:	Multiple Apple Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131782	Trust: 0.6

sources: JVNDB: JVNDB-2019-015876 // CNNVD: CNNVD-202010-1504

EXTERNAL IDS

db:	NVD	id:	CVE-2019-8633	Trust: 2.6
db:	JVN	id:	JVNVU93988385	Trust: 0.8
db:	JVN	id:	JVNVU93368270	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-015876	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-1504	Trust: 0.7
db:	CNVD	id:	CNVD-2020-61927	Trust: 0.1
db:	VULHUB	id:	VHN-160068	Trust: 0.1
db:	VULMON	id:	CVE-2019-8633	Trust: 0.1

sources: VULHUB: VHN-160068 // VULMON: CVE-2019-8633 // JVNDB: JVNDB-2019-015876 // CNNVD: CNNVD-202010-1504 // NVD: CVE-2019-8633

REFERENCES

url:	https://support.apple.com/en-us/ht210118	Trust: 1.8
url:	https://support.apple.com/en-us/ht210119	Trust: 1.8
url:	https://support.apple.com/en-us/ht210120	Trust: 1.8
url:	https://support.apple.com/en-us/ht210353	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-8633	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8633	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93988385/index.html	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu93368270/index.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-160068 // VULMON: CVE-2019-8633 // JVNDB: JVNDB-2019-015876 // CNNVD: CNNVD-202010-1504 // NVD: CVE-2019-8633

SOURCES

db:	VULHUB	id:	VHN-160068
db:	VULMON	id:	CVE-2019-8633
db:	JVNDB	id:	JVNDB-2019-015876
db:	CNNVD	id:	CNNVD-202010-1504
db:	NVD	id:	CVE-2019-8633

LAST UPDATE DATE

2024-11-23T20:02:18.561000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-160068	date:	2020-10-28T00:00:00
db:	VULMON	id:	CVE-2019-8633	date:	2020-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2019-015876	date:	2021-01-28T05:11:34
db:	CNNVD	id:	CNNVD-202010-1504	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2019-8633	date:	2024-11-21T04:50:12.423

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-160068	date:	2020-10-27T00:00:00
db:	VULMON	id:	CVE-2019-8633	date:	2020-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2019-015876	date:	2021-01-28T05:11:34
db:	CNNVD	id:	CNNVD-202010-1504	date:	2020-10-27T00:00:00
db:	NVD	id:	CVE-2019-8633	date:	2020-10-27T20:15:16.313