ID

VAR-202212-1309


CVE

CVE-2022-46695


TITLE

Vulnerability related to improper restriction of rendered user interface layers or frames in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-023508

DESCRIPTION

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Visiting a website that frames malicious content may lead to UI spoofing. iPadOS, iOS, macOS: a vulnerability exists in multiple Apple products that involves improper restriction of rendered user interface layers or frames. Information may be tampered with.

Trust: 1.8

sources: NVD: CVE-2022-46695 // JVNDB: JVNDB-2022-023508 // VULHUB: VHN-447269 // VULMON: CVE-2022-46695

AFFECTED PRODUCTS

vendor: apple, model: macos, scope: lt, version: 13.1

Trust: 1.0

vendor: apple, model: tvos, scope: lt, version: 16.2

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 15.7.2

Trust: 1.0

vendor: apple, model: ipados, scope: gte, version: 16.0

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 16.2

Trust: 1.0

vendor: apple, model: ipados, scope: lt, version: 15.7.2

Trust: 1.0

vendor: apple, model: ipados, scope: lt, version: 16.2

Trust: 1.0

vendor: apple, model: watchos, scope: lt, version: 9.2

Trust: 1.0

vendor: apple, model: iphone os, scope: gte, version: 16.0

Trust: 1.0

vendor: アップル, model: tvos, scope: -, version: -

Trust: 0.8

vendor: アップル, model: ipados, scope: -, version: -

Trust: 0.8

vendor: アップル, model: ios, scope: -, version: -

Trust: 0.8

vendor: アップル, model: watchos, scope: eq, version: 9.2

Trust: 0.8

vendor: アップル, model: macos, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-023508 // NVD: CVE-2022-46695

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-46695
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-46695
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202212-3026
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-46695
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2022-46695
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-023508 // CNNVD: CNNVD-202212-3026 // NVD: CVE-2022-46695

PROBLEMTYPE DATA

problemtype:CWE-1021

Trust: 1.0

problemtype: Improper restrictions on rendered user interface layers or frames (CWE-1021) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2022-023508 // NVD: CVE-2022-46695

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-3026

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-3026

PATCH

title: HT213535 Apple Security update, url: https://support.apple.com/en-us/HT213530

Trust: 0.8

sources: JVNDB: JVNDB-2022-023508

EXTERNAL IDS

db: NVD, id: CVE-2022-46695

Trust: 3.4

db: JVNDB, id: JVNDB-2022-023508

Trust: 0.8

db: CNNVD, id: CNNVD-202212-3026

Trust: 0.6

db: VULHUB, id: VHN-447269

Trust: 0.1

db: VULMON, id: CVE-2022-46695

Trust: 0.1

sources: VULHUB: VHN-447269 // VULMON: CVE-2022-46695 // JVNDB: JVNDB-2022-023508 // CNNVD: CNNVD-202212-3026 // NVD: CVE-2022-46695

REFERENCES

url:http://seclists.org/fulldisclosure/2022/dec/20

Trust: 2.5

url:http://seclists.org/fulldisclosure/2022/dec/21

Trust: 2.5

url:http://seclists.org/fulldisclosure/2022/dec/23

Trust: 2.5

url:http://seclists.org/fulldisclosure/2022/dec/26

Trust: 2.5

url:https://support.apple.com/en-us/ht213536

Trust: 2.4

url:http://seclists.org/fulldisclosure/2022/dec/27

Trust: 1.9

url:https://support.apple.com/en-us/ht213530

Trust: 1.8

url:https://support.apple.com/en-us/ht213531

Trust: 1.8

url:https://support.apple.com/en-us/ht213532

Trust: 1.8

url:https://support.apple.com/en-us/ht213535

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-46695

Trust: 1.4

url:https://cxsecurity.com/cveshow/cve-2022-46695/

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-of-december-2022-40105

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-447269 // VULMON: CVE-2022-46695 // JVNDB: JVNDB-2022-023508 // CNNVD: CNNVD-202212-3026 // NVD: CVE-2022-46695

SOURCES

db: VULHUB, id: VHN-447269
db: VULMON, id: CVE-2022-46695
db: JVNDB, id: JVNDB-2022-023508
db: CNNVD, id: CNNVD-202212-3026
db: NVD, id: CVE-2022-46695

LAST UPDATE DATE

2024-08-14T15:06:02.502000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-447269, date: 2023-01-09T00:00:00
db: VULMON, id: CVE-2022-46695, date: 2022-12-15T00:00:00
db: JVNDB, id: JVNDB-2022-023508, date: 2023-11-29T03:02:00
db: CNNVD, id: CNNVD-202212-3026, date: 2023-01-03T00:00:00
db: NVD, id: CVE-2022-46695, date: 2023-11-07T03:55:49.640

SOURCES RELEASE DATE

db: VULHUB, id: VHN-447269, date: 2022-12-15T00:00:00
db: VULMON, id: CVE-2022-46695, date: 2022-12-15T00:00:00
db: JVNDB, id: JVNDB-2022-023508, date: 2023-11-29T00:00:00
db: CNNVD, id: CNNVD-202212-3026, date: 2022-12-13T00:00:00
db: NVD, id: CVE-2022-46695, date: 2022-12-15T19:15:26.407