← Back

CVE-2018-4117

nvd nist
Published: Apr 3, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Affected (12)

Show all products
Apple: Iphone Os, Safari, Watchos, Icloud, Itunes · Webkitgtk: Webkitgtk+ · Canonical: Ubuntu Linux · Debian: Debian Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation
Apple
5 products
Iphone Os
Safari
Watchos
Icloud
Itunes
Webkitgtk
1 product
Webkitgtk+
Canonical
1 product
Ubuntu Linux
Debian
1 product
Debian Linux
Redhat
3 products
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Workstation
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Iphone Os
Before 11.3
Safari
Before 11.1
Watchos
Before 4.3
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Icloud
Before 7.4
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Itunes
Before 12.7.4
Running on/withPlatform Versions
Microsoft
Windows
All versions
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Webkitgtk+
Before 2.20.4
Configuration E
6 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 17.10
Debian Linux
Version 9.0
Enterprise Linux Desktop
Version 6.0
Enterprise Linux Server
Version 6.0
Enterprise Linux Workstation
Version 6.0

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (24)

Source: product-security@apple.com
Third Party AdvisoryVDB Entry
Source: product-security@apple.com
Third Party AdvisoryVDB Entry
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.