Sign-up

ID

VAR-202207-1489


CVE

CVE-2022-32849


TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-018192

DESCRIPTION

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. iPadOS , iOS , Apple Mac OS X Unspecified vulnerabilities exist in multiple Apple products.Information may be obtained. Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple iOS versions prior to 15.6 and iPadOS versions prior to 15.6 have an information disclosure vulnerability due to excessive data output from iCloud Photo Library

Trust: 1.71

sources: NVD: CVE-2022-32849 // JVNDB: JVNDB-2022-018192 // VULHUB: VHN-424938

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:ltversion:15.6

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:15.6

Trust: 1.0

vendor:applemodel:macosscope:gteversion:12.0

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.6

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.6.8

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:ltversion:12.5

Trust: 1.0

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:tvosscope:eqversion:15.6

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-018192 // NVD: CVE-2022-32849

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-32849
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-32849
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202207-2094
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-32849
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-32849
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-018192 // CNNVD: CNNVD-202207-2094 // NVD: CVE-2022-32849

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-018192 // NVD: CVE-2022-32849

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202207-2094

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202207-2094

PATCH

title:HT213346 Apple  Security updateurl:https://support.apple.com/en-us/HT213342

Trust: 0.8

title:Multiple Apple product Repair measures for information disclosure vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=209250

Trust: 0.6

title:Apple: macOS Big Sur 11.6.8url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=46307825e8223bef6aa99c76dff503a5

Trust: 0.1

title:Apple: iOS 15.6 and iPadOS 15.6url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=25de7f37f4830a629a57f79175aeaa2a

Trust: 0.1

title:Apple: macOS Monterey 12.5url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c765c13fa342a7957a4e91e6dc3d34f4

Trust: 0.1

title:Apple: Security Update 2022-005 Catalinaurl:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=b71ee1a3b689c178ee5a5bc823295063

Trust: 0.1

sources: VULMON: CVE-2022-32849 // JVNDB: JVNDB-2022-018192 // CNNVD: CNNVD-202207-2094

EXTERNAL IDS

db:NVDid:CVE-2022-32849

Trust: 3.4

db:JVNDBid:JVNDB-2022-018192

Trust: 0.8

db:CNNVDid:CNNVD-202207-2094

Trust: 0.7

db:AUSCERTid:ESB-2022.3561

Trust: 0.6

db:CS-HELPid:SB2022072107

Trust: 0.6

db:VULHUBid:VHN-424938

Trust: 0.1

db:VULMONid:CVE-2022-32849

Trust: 0.1

sources: VULHUB: VHN-424938 // VULMON: CVE-2022-32849 // JVNDB: JVNDB-2022-018192 // CNNVD: CNNVD-202207-2094 // NVD: CVE-2022-32849

REFERENCES

url:https://support.apple.com/en-us/ht213346

Trust: 2.3

url:https://support.apple.com/kb/ht213488

Trust: 1.7

url:https://support.apple.com/en-us/ht213342

Trust: 1.7

url:https://support.apple.com/en-us/ht213343

Trust: 1.7

url:https://support.apple.com/en-us/ht213344

Trust: 1.7

url:https://support.apple.com/en-us/ht213345

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2022-32849

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-32849/

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-12-multiple-vulnerabilities-38873

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.3561

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072107

Trust: 0.6

url:https://support.apple.com/kb/ht213344

Trust: 0.1

sources: VULHUB: VHN-424938 // VULMON: CVE-2022-32849 // JVNDB: JVNDB-2022-018192 // CNNVD: CNNVD-202207-2094 // NVD: CVE-2022-32849

SOURCES

db:VULHUBid:VHN-424938
db:VULMONid:CVE-2022-32849
db:JVNDBid:JVNDB-2022-018192
db:CNNVDid:CNNVD-202207-2094
db:NVDid:CVE-2022-32849

LAST UPDATE DATE

2024-08-14T12:20:23.421000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-424938date:2023-01-12T00:00:00
db:JVNDBid:JVNDB-2022-018192date:2023-10-19T02:19:00
db:CNNVDid:CNNVD-202207-2094date:2022-11-14T00:00:00
db:NVDid:CVE-2022-32849date:2023-01-12T20:10:21.950

SOURCES RELEASE DATE

db:VULHUBid:VHN-424938date:2022-09-23T00:00:00
db:JVNDBid:JVNDB-2022-018192date:2023-10-19T00:00:00
db:CNNVDid:CNNVD-202207-2094date:2022-07-20T00:00:00
db:NVDid:CVE-2022-32849date:2022-09-23T19:15:13.723