ID

VAR-202108-2061


CVE

CVE-2021-30862


TITLE

Input validation vulnerability in Apple's iTunes U

Trust: 0.8

sources: JVNDB: JVNDB-2021-021194

DESCRIPTION

A validation issue was addressed with improved input sanitization. This issue is fixed in iTunes U 3.8.3. Processing a maliciously crafted URL may lead to arbitrary JavaScript code execution. Apple's iTunes U contains an input validation vulnerability. Information may be obtained and information may be tampered with. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Information about the security content is also available at https://support.apple.com/HT212809.

CVE-2021-30862: Giyas Umarov (@3h6_1) of Holmdel High School

Installation note: iTunes U 3.8.3 for iOS may be obtained from the App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.43

sources: NVD: CVE-2021-30862 // JVNDB: JVNDB-2021-021194 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390595 // VULMON: CVE-2021-30862 // PACKETSTORM: 164252

AFFECTED PRODUCTS

vendor: apple, model: itunes u, scope: lt, version: 3.8.3

Trust: 1.0

vendor: アップル, model: itunes u, scope: eq, version: 3.8.3

Trust: 0.8

vendor: アップル, model: itunes u, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-021194 // NVD: CVE-2021-30862

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30862
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-30862
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-1954
value: MEDIUM

Trust: 0.6

VULHUB: VHN-390595
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-30862
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30862
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-390595
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30862
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2021-30862
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-390595 // VULMON: CVE-2021-30862 // JVNDB: JVNDB-2021-021194 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-1954 // NVD: CVE-2021-30862

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype: Improper input validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-390595 // JVNDB: JVNDB-2021-021194 // NVD: CVE-2021-30862

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1954

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: HT212809 Apple Security update, url: https://support.apple.com/en-us/HT212809

Trust: 0.8

title: Apple iTunes input validation error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168173

Trust: 0.6

sources: JVNDB: JVNDB-2021-021194 // CNNVD: CNNVD-202108-1954

EXTERNAL IDS

db: NVD, id: CVE-2021-30862

Trust: 3.5

db: JVNDB, id: JVNDB-2021-021194

Trust: 0.8

db: PACKETSTORM, id: 164252

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.3156

Trust: 0.6

db: CS-HELP, id: SB2021091606

Trust: 0.6

db: CNNVD, id: CNNVD-202108-1954

Trust: 0.6

db: VULHUB, id: VHN-390595

Trust: 0.1

db: VULMON, id: CVE-2021-30862

Trust: 0.1

sources: VULHUB: VHN-390595 // VULMON: CVE-2021-30862 // JVNDB: JVNDB-2021-021194 // PACKETSTORM: 164252 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-1954 // NVD: CVE-2021-30862

REFERENCES

url:https://support.apple.com/en-us/ht212809

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-30862

Trust: 0.9

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3156

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021091606

Trust: 0.6

url:https://packetstormsecurity.com/files/164252/apple-security-advisory-2021-09-20-9.html

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://seclists.org/fulldisclosure/2021/sep/41

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://support.apple.com/ht212809.

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

sources: VULHUB: VHN-390595 // VULMON: CVE-2021-30862 // JVNDB: JVNDB-2021-021194 // PACKETSTORM: 164252 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-1954 // NVD: CVE-2021-30862

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 164252

SOURCES

db: VULHUB, id: VHN-390595
db: VULMON, id: CVE-2021-30862
db: JVNDB, id: JVNDB-2021-021194
db: PACKETSTORM, id: 164252
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202108-1954
db: NVD, id: CVE-2021-30862

LAST UPDATE DATE

2024-08-14T13:01:19.735000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-390595, date: 2021-11-01T00:00:00
db: VULMON, id: CVE-2021-30862, date: 2021-11-01T00:00:00
db: JVNDB, id: JVNDB-2021-021194, date: 2024-07-18T06:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202108-1954, date: 2021-11-02T00:00:00
db: NVD, id: CVE-2021-30862, date: 2023-11-07T03:33:34.903

SOURCES RELEASE DATE

db: VULHUB, id: VHN-390595, date: 2021-08-24T00:00:00
db: VULMON, id: CVE-2021-30862, date: 2021-08-24T00:00:00
db: JVNDB, id: JVNDB-2021-021194, date: 2024-07-18T00:00:00
db: PACKETSTORM, id: 164252, date: 2021-09-22T16:37:25
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202108-1954, date: 2021-08-24T00:00:00
db: NVD, id: CVE-2021-30862, date: 2021-08-24T19:15:14.520