Details of VAR-202302-1859

ID

VAR-202302-1859

CVE

CVE-2022-46705

TITLE

Vulnerabilities in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2022-020466

DESCRIPTION

A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. Safari , iPadOS , iOS Unspecified vulnerabilities exist in multiple Apple products.Information may be tampered with

Trust: 1.8

sources: NVD: CVE-2022-46705 // JVNDB: JVNDB-2022-020466 // VULHUB: VHN-447279 // VULMON: CVE-2022-46705

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lt	version:	16.2	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	13.1	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	16.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	15.7.2	Trust: 1.0
vendor:	apple	model:	ipados	scope:	gte	version:	16.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	16.2	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	15.7.2	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	16.2	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	9.2	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	gte	version:	16.0	Trust: 1.0
vendor:	アップル	model:	macos	scope:	eq	version:	13.1	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	safari	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-020466 // NVD: CVE-2022-46705

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-46705
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2022-46705
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202302-2164
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2022-46705
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2022-46705
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-020466 // CNNVD: CNNVD-202302-2164 // NVD: CVE-2022-46705

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-20	Trust: 0.1

sources: VULHUB: VHN-447279 // JVNDB: JVNDB-2022-020466 // NVD: CVE-2022-46705

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-2164

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202302-2164

PATCH

title:	HT213536 Apple Security update	url:	https://support.apple.com/en-us/HT213530	Trust: 0.8
title:	Apple iOS and iPadOS Enter the fix for the verification error vulnerability	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=228168	Trust: 0.6

sources: JVNDB: JVNDB-2022-020466 // CNNVD: CNNVD-202302-2164

EXTERNAL IDS

db:	NVD	id:	CVE-2022-46705	Trust: 3.4
db:	OPENWALL	id:	OSS-SECURITY/2023/11/15/1	Trust: 1.0
db:	JVNDB	id:	JVNDB-2022-020466	Trust: 0.8
db:	CNNVD	id:	CNNVD-202302-2164	Trust: 0.6
db:	VULHUB	id:	VHN-447279	Trust: 0.1
db:	VULMON	id:	CVE-2022-46705	Trust: 0.1

sources: VULHUB: VHN-447279 // VULMON: CVE-2022-46705 // JVNDB: JVNDB-2022-020466 // CNNVD: CNNVD-202302-2164 // NVD: CVE-2022-46705

REFERENCES

url:	https://support.apple.com/en-us/ht213530	Trust: 1.8
url:	https://support.apple.com/en-us/ht213532	Trust: 1.8
url:	https://support.apple.com/en-us/ht213537	Trust: 1.8
url:	https://support.apple.com/kb/ht213536	Trust: 1.6
url:	https://support.apple.com/kb/ht213535	Trust: 1.6
url:	https://support.apple.com/kb/ht213676	Trust: 1.6
url:	https://support.apple.com/kb/ht213531	Trust: 1.6
url:	http://www.openwall.com/lists/oss-security/2023/11/15/1	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2022-46705	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-46705/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-447279 // VULMON: CVE-2022-46705 // JVNDB: JVNDB-2022-020466 // CNNVD: CNNVD-202302-2164 // NVD: CVE-2022-46705

SOURCES

db:	VULHUB	id:	VHN-447279
db:	VULMON	id:	CVE-2022-46705
db:	JVNDB	id:	JVNDB-2022-020466
db:	CNNVD	id:	CNNVD-202302-2164
db:	NVD	id:	CVE-2022-46705

LAST UPDATE DATE

2024-08-14T13:13:23.408000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-447279	date:	2023-03-08T00:00:00
db:	VULMON	id:	CVE-2022-46705	date:	2023-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2022-020466	date:	2023-11-02T02:30:00
db:	CNNVD	id:	CNNVD-202302-2164	date:	2023-06-09T00:00:00
db:	NVD	id:	CVE-2022-46705	date:	2023-12-28T14:48:17.850

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-447279	date:	2023-02-27T00:00:00
db:	VULMON	id:	CVE-2022-46705	date:	2023-02-27T00:00:00
db:	JVNDB	id:	JVNDB-2022-020466	date:	2023-11-02T00:00:00
db:	CNNVD	id:	CNNVD-202302-2164	date:	2023-02-27T00:00:00
db:	NVD	id:	CVE-2022-46705	date:	2023-02-27T20:15:12.820