Details of VAR-202108-1151

ID

VAR-202108-1151

CVE

CVE-2021-30997

TITLE

apple's iPadOS and iOS Vulnerability in plaintext storage of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2021-021089

DESCRIPTION

A S/MIME issue existed in the handling of encrypted email. This issue was addressed by not automatically loading some MIME parts. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker may be able to recover plaintext contents of an S/MIME-encrypted e-mail. apple's iPadOS and iOS There is a vulnerability in plaintext storage of important information.Information may be obtained. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none

Trust: 1.8

sources: NVD: CVE-2021-30997 // JVNDB: JVNDB-2021-021089 // VULHUB: VHN-390730 // VULMON: CVE-2021-30997

AFFECTED PRODUCTS

vendor:	apple	model:	ipados	scope:	lt	version:	15.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.2	Trust: 1.0
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	eq	version:	15.2	Trust: 0.8

sources: JVNDB: JVNDB-2021-021089 // NVD: CVE-2021-30997

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30997
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-30997
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202108-2103
value:	HIGH
Trust: 0.6
VULHUB:	VHN-390730
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-30997
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-390730
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-30997
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-30997
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-390730 // JVNDB: JVNDB-2021-021089 // CNNVD: CNNVD-202108-2103 // NVD: CVE-2021-30997

PROBLEMTYPE DATA

problemtype:	CWE-312	Trust: 1.1
problemtype:	Plaintext storage of important information (CWE-312) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-390730 // JVNDB: JVNDB-2021-021089 // NVD: CVE-2021-30997

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-2103

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-2103

PATCH

title:	HT212976 Apple Security update	url:	https://support.apple.com/en-us/HT212976	Trust: 0.8
title:	Apple iOS and Apple iPadOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=194528	Trust: 0.6

sources: JVNDB: JVNDB-2021-021089 // CNNVD: CNNVD-202108-2103

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30997	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-021089	Trust: 0.8
db:	CNNVD	id:	CNNVD-202108-2103	Trust: 0.6
db:	VULHUB	id:	VHN-390730	Trust: 0.1
db:	VULMON	id:	CVE-2021-30997	Trust: 0.1

sources: VULHUB: VHN-390730 // VULMON: CVE-2021-30997 // JVNDB: JVNDB-2021-021089 // CNNVD: CNNVD-202108-2103 // NVD: CVE-2021-30997

REFERENCES

url:	https://support.apple.com/en-us/ht212976	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30997	Trust: 0.8
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-390730 // VULMON: CVE-2021-30997 // JVNDB: JVNDB-2021-021089 // CNNVD: CNNVD-202108-2103 // NVD: CVE-2021-30997

SOURCES

db:	VULHUB	id:	VHN-390730
db:	VULMON	id:	CVE-2021-30997
db:	JVNDB	id:	JVNDB-2021-021089
db:	CNNVD	id:	CNNVD-202108-2103
db:	NVD	id:	CVE-2021-30997

LAST UPDATE DATE

2024-08-14T15:01:21.247000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-390730	date:	2023-01-09T00:00:00
db:	VULMON	id:	CVE-2021-30997	date:	2021-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-021089	date:	2024-07-17T07:30:00
db:	CNNVD	id:	CNNVD-202108-2103	date:	2022-06-01T00:00:00
db:	NVD	id:	CVE-2021-30997	date:	2023-11-07T03:34:15.700

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-390730	date:	2021-08-24T00:00:00
db:	VULMON	id:	CVE-2021-30997	date:	2021-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-021089	date:	2024-07-17T00:00:00
db:	CNNVD	id:	CNNVD-202108-2103	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2021-30997	date:	2021-08-24T19:15:24.280