ID

VAR-202010-0197


CVE

CVE-2019-8633


TITLE

plural Apple Product validation vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2019-015876

DESCRIPTION

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory. plural Apple The product contains a validation vulnerability due to a flawed input sanitization process.Limited memory can be read through the application. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple macOS High Sierra is a dedicated operating system developed for Mac computers. tvOS is a smart TV operating system

Trust: 1.8

sources: NVD: CVE-2019-8633 // JVNDB: JVNDB-2019-015876 // VULHUB: VHN-160068 // VULMON: CVE-2019-8633

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.14.5

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:12.3

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.13.6

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:5.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.4

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.3 未満 (ipad air 以降)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.3 未満 (ipod touch 第 6 世代)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:12.3 未満 (apple tv 4k)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.3 未満 (iphone 5s 以降)

Trust: 0.8

vendor:applemodel:tvosscope:eqversion:12.3 未満 (apple tv hd)

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:5.3 未満 (apple watch series 1 以降)

Trust: 0.8

sources: JVNDB: JVNDB-2019-015876 // NVD: CVE-2019-8633

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8633
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015876
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1504
value: HIGH

Trust: 0.6

VULHUB: VHN-160068
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-8633
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-8633
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015876
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-160068
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8633
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015876
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160068 // VULMON: CVE-2019-8633 // JVNDB: JVNDB-2019-015876 // CNNVD: CNNVD-202010-1504 // NVD: CVE-2019-8633

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-160068 // JVNDB: JVNDB-2019-015876 // NVD: CVE-2019-8633

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1504

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202010-1504

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015876

PATCH

title:HT210118url:https://support.apple.com/en-us/HT210118

Trust: 0.8

title:HT210119url:https://support.apple.com/en-us/HT210119

Trust: 0.8

title:HT210120url:https://support.apple.com/en-us/HT210120

Trust: 0.8

title:HT210353url:https://support.apple.com/en-us/HT210353

Trust: 0.8

title:HT210118url:https://support.apple.com/ja-jp/HT210118

Trust: 0.8

title:HT210119url:https://support.apple.com/ja-jp/HT210119

Trust: 0.8

title:HT210120url:https://support.apple.com/ja-jp/HT210120

Trust: 0.8

title:HT210353url:https://support.apple.com/ja-jp/HT210353

Trust: 0.8

title:Multiple Apple Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=131782

Trust: 0.6

sources: JVNDB: JVNDB-2019-015876 // CNNVD: CNNVD-202010-1504

EXTERNAL IDS

db:NVDid:CVE-2019-8633

Trust: 2.6

db:JVNid:JVNVU93988385

Trust: 0.8

db:JVNid:JVNVU93368270

Trust: 0.8

db:JVNDBid:JVNDB-2019-015876

Trust: 0.8

db:CNNVDid:CNNVD-202010-1504

Trust: 0.7

db:CNVDid:CNVD-2020-61927

Trust: 0.1

db:VULHUBid:VHN-160068

Trust: 0.1

db:VULMONid:CVE-2019-8633

Trust: 0.1

sources: VULHUB: VHN-160068 // VULMON: CVE-2019-8633 // JVNDB: JVNDB-2019-015876 // CNNVD: CNNVD-202010-1504 // NVD: CVE-2019-8633

REFERENCES

url:https://support.apple.com/en-us/ht210118

Trust: 1.8

url:https://support.apple.com/en-us/ht210119

Trust: 1.8

url:https://support.apple.com/en-us/ht210120

Trust: 1.8

url:https://support.apple.com/en-us/ht210353

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-8633

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8633

Trust: 0.8

url:http://jvn.jp/vu/jvnvu93988385/index.html

Trust: 0.8

url:http://jvn.jp/vu/jvnvu93368270/index.html

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-160068 // VULMON: CVE-2019-8633 // JVNDB: JVNDB-2019-015876 // CNNVD: CNNVD-202010-1504 // NVD: CVE-2019-8633

SOURCES

db:VULHUBid:VHN-160068
db:VULMONid:CVE-2019-8633
db:JVNDBid:JVNDB-2019-015876
db:CNNVDid:CNNVD-202010-1504
db:NVDid:CVE-2019-8633

LAST UPDATE DATE

2024-11-23T20:02:18.561000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-160068date:2020-10-28T00:00:00
db:VULMONid:CVE-2019-8633date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2019-015876date:2021-01-28T05:11:34
db:CNNVDid:CNNVD-202010-1504date:2021-08-16T00:00:00
db:NVDid:CVE-2019-8633date:2024-11-21T04:50:12.423

SOURCES RELEASE DATE

db:VULHUBid:VHN-160068date:2020-10-27T00:00:00
db:VULMONid:CVE-2019-8633date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2019-015876date:2021-01-28T05:11:34
db:CNNVDid:CNNVD-202010-1504date:2020-10-27T00:00:00
db:NVDid:CVE-2019-8633date:2020-10-27T20:15:16.313