ID

VAR-202109-1388


CVE

CVE-2021-30688


TITLE

macOS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013552

DESCRIPTION

A malicious application may be able to break out of its sandbox. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A path handling issue was addressed with improved validation. macOS contains an unspecified vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements. The vulnerability stems from incorrect file path validation within the App Store component, allowing malicious applications to bypass implemented security restrictions. Affected versions: macOS: 11.0 20A2411, 11.0.1 20B29, 11.0.1 20B50, 11.1 20C69, 11.2 20D64, 11.2.1 20D74, 11.2.1 20D75, 11.2.2 20D80, 11.2.3 20D91, 1E2.3, 20D91, 11.2.3, 20D74 20E241

Trust: 2.34

sources: NVD: CVE-2021-30688 // JVNDB: JVNDB-2021-013552 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390421 // VULMON: CVE-2021-30688

AFFECTED PRODUCTS

vendor: apple, model: mac os x, scope: lte, version: 10.15.6

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.15

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.15.7

Trust: 1.0

vendor: apple, model: macos, scope: gte, version: 11.0

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 11.4

Trust: 1.0

vendor: アップル, model: apple mac os x, scope: -, version: -

Trust: 0.8

vendor: アップル, model: macos, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-013552 // NVD: CVE-2021-30688

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30688
value: HIGH

Trust: 1.0

NVD: CVE-2021-30688
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-1451
value: HIGH

Trust: 0.6

VULHUB: VHN-390421
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-30688
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30688
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-390421
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30688
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-30688
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-390421 // VULMON: CVE-2021-30688 // JVNDB: JVNDB-2021-013552 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1451 // NVD: CVE-2021-30688

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-013552 // NVD: CVE-2021-30688

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1451

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: HT212529 Apple Security update, url: https://support.apple.com/en-us/HT212529

Trust: 0.8

title: Apple macOS Big Sur Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151644

Trust: 0.6

sources: JVNDB: JVNDB-2021-013552 // CNNVD: CNNVD-202105-1451

EXTERNAL IDS

db: NVD, id: CVE-2021-30688

Trust: 3.4

db: JVNDB, id: JVNDB-2021-013552

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.1794

Trust: 0.6

db: CS-HELP, id: SB2021052415

Trust: 0.6

db: CNNVD, id: CNNVD-202105-1451

Trust: 0.6

db: VULHUB, id: VHN-390421

Trust: 0.1

db: VULMON, id: CVE-2021-30688

Trust: 0.1

sources: VULHUB: VHN-390421 // VULMON: CVE-2021-30688 // JVNDB: JVNDB-2021-013552 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1451 // NVD: CVE-2021-30688

REFERENCES

url:https://support.apple.com/en-us/ht212529

Trust: 1.8

url:https://support.apple.com/en-us/ht212530

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-30688

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052415

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1794

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35514

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://seclists.org/fulldisclosure/2021/may/70

Trust: 0.1

sources: VULHUB: VHN-390421 // VULMON: CVE-2021-30688 // JVNDB: JVNDB-2021-013552 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1451 // NVD: CVE-2021-30688

SOURCES

db: VULHUB, id: VHN-390421
db: VULMON, id: CVE-2021-30688
db: JVNDB, id: JVNDB-2021-013552
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202105-1451
db: NVD, id: CVE-2021-30688

LAST UPDATE DATE

2024-08-14T12:08:20.962000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-390421, date: 2022-07-12T00:00:00
db: VULMON, id: CVE-2021-30688, date: 2021-09-17T00:00:00
db: JVNDB, id: JVNDB-2021-013552, date: 2022-09-15T07:54:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202105-1451, date: 2022-07-14T00:00:00
db: NVD, id: CVE-2021-30688, date: 2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db: VULHUB, id: VHN-390421, date: 2021-09-08T00:00:00
db: VULMON, id: CVE-2021-30688, date: 2021-09-08T00:00:00
db: JVNDB, id: JVNDB-2021-013552, date: 2022-09-15T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202105-1451, date: 2021-05-24T00:00:00
db: NVD, id: CVE-2021-30688, date: 2021-09-08T15:15:14.667