ID

VAR-202302-1859


CVE

CVE-2022-46705


TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-020466

DESCRIPTION

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. Safari , iPadOS , iOS Unspecified vulnerabilities exist in multiple Apple products.Information may be tampered with

Trust: 1.8

sources: NVD: CVE-2022-46705 // JVNDB: JVNDB-2022-020466 // VULHUB: VHN-447279 // VULMON: CVE-2022-46705

AFFECTED PRODUCTS

vendor:applemodel:safariscope:ltversion:16.2

Trust: 1.0

vendor:applemodel:macosscope:ltversion:13.1

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:16.2

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:15.7.2

Trust: 1.0

vendor:applemodel:ipadosscope:gteversion:16.0

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:16.2

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:15.7.2

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:16.2

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:9.2

Trust: 1.0

vendor:applemodel:iphone osscope:gteversion:16.0

Trust: 1.0

vendor:アップルmodel:macosscope:eqversion:13.1

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:safariscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-020466 // NVD: CVE-2022-46705

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-46705
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-46705
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202302-2164
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-46705
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2022-46705
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-020466 // CNNVD: CNNVD-202302-2164 // NVD: CVE-2022-46705

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-20

Trust: 0.1

sources: VULHUB: VHN-447279 // JVNDB: JVNDB-2022-020466 // NVD: CVE-2022-46705

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-2164

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202302-2164

PATCH

title:HT213536 Apple  Security updateurl:https://support.apple.com/en-us/HT213530

Trust: 0.8

title:Apple iOS and iPadOS Enter the fix for the verification error vulnerabilityurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=228168

Trust: 0.6

sources: JVNDB: JVNDB-2022-020466 // CNNVD: CNNVD-202302-2164

EXTERNAL IDS

db:NVDid:CVE-2022-46705

Trust: 3.4

db:OPENWALLid:OSS-SECURITY/2023/11/15/1

Trust: 1.0

db:JVNDBid:JVNDB-2022-020466

Trust: 0.8

db:CNNVDid:CNNVD-202302-2164

Trust: 0.6

db:VULHUBid:VHN-447279

Trust: 0.1

db:VULMONid:CVE-2022-46705

Trust: 0.1

sources: VULHUB: VHN-447279 // VULMON: CVE-2022-46705 // JVNDB: JVNDB-2022-020466 // CNNVD: CNNVD-202302-2164 // NVD: CVE-2022-46705

REFERENCES

url:https://support.apple.com/en-us/ht213530

Trust: 1.8

url:https://support.apple.com/en-us/ht213532

Trust: 1.8

url:https://support.apple.com/en-us/ht213537

Trust: 1.8

url:https://support.apple.com/kb/ht213536

Trust: 1.6

url:https://support.apple.com/kb/ht213535

Trust: 1.6

url:https://support.apple.com/kb/ht213676

Trust: 1.6

url:https://support.apple.com/kb/ht213531

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2023/11/15/1

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-46705

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-46705/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-447279 // VULMON: CVE-2022-46705 // JVNDB: JVNDB-2022-020466 // CNNVD: CNNVD-202302-2164 // NVD: CVE-2022-46705

SOURCES

db:VULHUBid:VHN-447279
db:VULMONid:CVE-2022-46705
db:JVNDBid:JVNDB-2022-020466
db:CNNVDid:CNNVD-202302-2164
db:NVDid:CVE-2022-46705

LAST UPDATE DATE

2024-08-14T13:13:23.408000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-447279date:2023-03-08T00:00:00
db:VULMONid:CVE-2022-46705date:2023-02-27T00:00:00
db:JVNDBid:JVNDB-2022-020466date:2023-11-02T02:30:00
db:CNNVDid:CNNVD-202302-2164date:2023-06-09T00:00:00
db:NVDid:CVE-2022-46705date:2023-12-28T14:48:17.850

SOURCES RELEASE DATE

db:VULHUBid:VHN-447279date:2023-02-27T00:00:00
db:VULMONid:CVE-2022-46705date:2023-02-27T00:00:00
db:JVNDBid:JVNDB-2022-020466date:2023-11-02T00:00:00
db:CNNVDid:CNNVD-202302-2164date:2023-02-27T00:00:00
db:NVDid:CVE-2022-46705date:2023-02-27T20:15:12.820