CVE-2018-4311

Published Apr 3, 2019

Last updated 6 years ago

CVSS high 8.1

Overview

Description: The issue was addressed by removing origin information. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
Source: product-security@apple.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.1
Impact score: 5.2
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D250753-EC40-4DEB-B1A7-B2E2E872D705",
            "versionEndExcluding": "12"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37A59AD6-A000-48BE-A575-D1A39DCB0D88",
            "versionEndExcluding": "12.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "397E2910-7F1A-4576-B28D-E5796DE20CC8",
            "versionEndExcluding": "5.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E92A7FC9-12AE-4E07-BA72-0A4075119426",
            "versionEndExcluding": "7.7"
          },
          {
            "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48FFD64E-C6DE-41EA-A70C-3E25F133901F",
            "versionEndExcluding": "12.9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References