Sign-up

ID

VAR-202010-0213


CVE

CVE-2019-8618


TITLE

plural Apple Logic vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2019-015874

DESCRIPTION

A logic issue was addressed with improved restrictions. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. A sandboxed process may be able to circumvent sandbox restrictions. watchOS , macOS , iOS Exists in a logic vulnerability due to a flaw in the processing of restrictions.Sandboxed processes can circumvent sandboxing restrictions. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple macOS High Sierra is a dedicated operating system developed for Mac computers. Apple watchOS is a smart watch operating system

Trust: 1.8

sources: NVD: CVE-2019-8618 // JVNDB: JVNDB-2019-015874 // VULHUB: VHN-160053 // VULMON: CVE-2019-8618

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:12.2

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.4

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:5.2

Trust: 1.0

vendor:applemodel:iosscope:eqversion:12.2 未満 (iphone 5s 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.2 未満 (ipad air 以降)

Trust: 0.8

vendor:applemodel:iosscope:eqversion:12.2 未満 (ipod touch 第 6 世代)

Trust: 0.8

vendor:applemodel:watchosscope:eqversion:5.2 未満 (apple watch series 1 以降)

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:10.14.3

Trust: 0.8

sources: JVNDB: JVNDB-2019-015874 // NVD: CVE-2019-8618

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-8618
value: HIGH

Trust: 1.0

NVD: JVNDB-2019-015874
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-1506
value: HIGH

Trust: 0.6

VULHUB: VHN-160053
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-8618
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-8618
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2019-015874
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-160053
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-8618
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015874
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-160053 // VULMON: CVE-2019-8618 // JVNDB: JVNDB-2019-015874 // CNNVD: CNNVD-202010-1506 // NVD: CVE-2019-8618

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2019-8618

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1506

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1506

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015874

PATCH
title:HT209599url:https://support.apple.com/en-us/HT209599
Trust: 0.8
title:HT209600url:https://support.apple.com/en-us/HT209600
Trust: 0.8
title:HT209602url:https://support.apple.com/en-us/HT209602
Trust: 0.8
title:HT209599url:https://support.apple.com/ja-jp/HT209599
Trust: 0.8
title:HT209600url:https://support.apple.com/ja-jp/HT209600
Trust: 0.8
title:HT209602url:https://support.apple.com/ja-jp/HT209602
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-015874

EXTERNAL IDS
db:NVDid:CVE-2019-8618
Trust: 2.6
db:JVNid:JVNVU93236010
Trust: 0.8
db:JVNDBid:JVNDB-2019-015874
Trust: 0.8
db:CNNVDid:CNNVD-202010-1506
Trust: 0.7
db:VULHUBid:VHN-160053
Trust: 0.1
db:VULMONid:CVE-2019-8618
Trust: 0.1
sources:
            
            
            VULHUB: VHN-160053 // 
            
            
            
            VULMON: CVE-2019-8618 // 
            
            
            
            JVNDB: JVNDB-2019-015874 // 
            
            
            
            CNNVD: CNNVD-202010-1506 // 
            
            
            
            NVD: CVE-2019-8618

REFERENCES
url:https://support.apple.com/en-us/ht209599
Trust: 1.8
url:https://support.apple.com/en-us/ht209600
Trust: 1.8
url:https://support.apple.com/en-us/ht209602
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-8618
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-8618
Trust: 0.8
url:http://jvn.jp/vu/jvnvu93236010/index.html
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-160053 // 
            
            
            
            VULMON: CVE-2019-8618 // 
            
            
            
            JVNDB: JVNDB-2019-015874 // 
            
            
            
            CNNVD: CNNVD-202010-1506 // 
            
            
            
            NVD: CVE-2019-8618

SOURCES
db:VULHUBid:VHN-160053
db:VULMONid:CVE-2019-8618
db:JVNDBid:JVNDB-2019-015874
db:CNNVDid:CNNVD-202010-1506
db:NVDid:CVE-2019-8618

LAST UPDATE DATE
2024-11-23T19:55:24.950000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-160053date:2020-10-28T00:00:00
db:VULMONid:CVE-2019-8618date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2019-015874date:2021-01-28T05:11:31
db:CNNVDid:CNNVD-202010-1506date:2021-08-16T00:00:00
db:NVDid:CVE-2019-8618date:2024-11-21T04:50:10.960

SOURCES RELEASE DATE
db:VULHUBid:VHN-160053date:2020-10-27T00:00:00
db:VULMONid:CVE-2019-8618date:2020-10-27T00:00:00
db:JVNDBid:JVNDB-2019-015874date:2021-01-28T05:11:31
db:CNNVDid:CNNVD-202010-1506date:2020-10-27T00:00:00
db:NVDid:CVE-2019-8618date:2020-10-27T20:15:16.190