Sign-up

ID

VAR-202010-1259


CVE

CVE-2020-9787


TITLE

plural  Apple  Logic vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-010591

DESCRIPTION

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. Some websites may not have appeared in Safari Preferences. plural Apple A logic vulnerability exists in the product due to a flawed restriction.Part of Web The site Safari It may disappear from the Preferences of. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iPadOS is an operating system for iPad tablets. The following products and versions are affected: iOS prior to 13.4, iPadOS prior to 13.4, macOS Catalina prior to 10.15.4, tvOS prior to 13.4, and watchOS prior to 6.2

Trust: 1.8

sources: NVD: CVE-2020-9787 // JVNDB: JVNDB-2020-010591 // VULHUB: VHN-187912 // VULMON: CVE-2020-9787

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:ltversion:10.15.4

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:13.4

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15.3

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:13.4

Trust: 1.0

vendor:applemodel:ipad osscope:ltversion:13.4

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:6.2

Trust: 1.0

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope:ltversion:6.2 (apple watch series 1 or later )

Trust: 0.8

sources: JVNDB: JVNDB-2020-010591 // NVD: CVE-2020-9787

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-9787
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-9787
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202010-1206
value: MEDIUM

Trust: 0.6

VULHUB: VHN-187912
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-9787
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-9787
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-187912
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-9787
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-9787
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-187912 // VULMON: CVE-2020-9787 // JVNDB: JVNDB-2020-010591 // CNNVD: CNNVD-202010-1206 // NVD: CVE-2020-9787

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Other (CWE-Other) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-010591 // NVD: CVE-2020-9787

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-1206

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202010-1206

PATCH

title:HT211102 Apple  Security updateurl:https://support.apple.com/en-us/HT211100

Trust: 0.8

title:Multiple Apple Product security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134455

Trust: 0.6

title:Threatposturl:https://threatpost.com/apple-safari-flaws-webcam-access/154476/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/apple-paid-75k-for-bugs-letting-sites-hijack-iphone-cameras/

Trust: 0.1

sources: VULMON: CVE-2020-9787 // JVNDB: JVNDB-2020-010591 // CNNVD: CNNVD-202010-1206

EXTERNAL IDS

db:NVDid:CVE-2020-9787

Trust: 2.6

db:JVNid:JVNVU96545608

Trust: 0.8

db:JVNDBid:JVNDB-2020-010591

Trust: 0.8

db:CNNVDid:CNNVD-202010-1206

Trust: 0.7

db:VULHUBid:VHN-187912

Trust: 0.1

db:VULMONid:CVE-2020-9787

Trust: 0.1

sources: VULHUB: VHN-187912 // VULMON: CVE-2020-9787 // JVNDB: JVNDB-2020-010591 // CNNVD: CNNVD-202010-1206 // NVD: CVE-2020-9787

REFERENCES

url:https://support.apple.com/kb/ht211100

Trust: 1.8

url:https://support.apple.com/kb/ht211101

Trust: 1.8

url:https://support.apple.com/kb/ht211102

Trust: 1.8

url:https://support.apple.com/kb/ht211103

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-9787

Trust: 1.4

url:http://jvn.jp/vu/jvnvu96545608/index.html

Trust: 0.8

url:https://support.apple.com/en-us/ht211101

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.bleepingcomputer.com/news/security/apple-paid-75k-for-bugs-letting-sites-hijack-iphone-cameras/

Trust: 0.1

url:https://threatpost.com/apple-safari-flaws-webcam-access/154476/

Trust: 0.1

sources: VULHUB: VHN-187912 // VULMON: CVE-2020-9787 // JVNDB: JVNDB-2020-010591 // CNNVD: CNNVD-202010-1206 // NVD: CVE-2020-9787

SOURCES

db:VULHUBid:VHN-187912
db:VULMONid:CVE-2020-9787
db:JVNDBid:JVNDB-2020-010591
db:CNNVDid:CNNVD-202010-1206
db:NVDid:CVE-2020-9787

LAST UPDATE DATE

2024-11-23T20:38:05.974000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-187912date:2020-10-28T00:00:00
db:VULMONid:CVE-2020-9787date:2020-10-28T00:00:00
db:JVNDBid:JVNDB-2020-010591date:2021-01-28T08:11:00
db:CNNVDid:CNNVD-202010-1206date:2021-10-29T00:00:00
db:NVDid:CVE-2020-9787date:2024-11-21T05:41:17.117

SOURCES RELEASE DATE

db:VULHUBid:VHN-187912date:2020-10-22T00:00:00
db:VULMONid:CVE-2020-9787date:2020-10-22T00:00:00
db:JVNDBid:JVNDB-2020-010591date:2021-01-28T00:00:00
db:CNNVDid:CNNVD-202010-1206date:2020-10-22T00:00:00
db:NVDid:CVE-2020-9787date:2020-10-22T18:15:13.503