CVE-2021-30997

Published: Aug 24, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A S/MIME issue existed in the handling of encrypted email. This issue was addressed by not automatically loading some MIME parts. This issue is fixed in iOS 15.2 and iPadOS 15.2. An attacker may be able to recover plaintext contents of an S/MIME-encrypted e-mail.

Affected (2)

Products: Apple: Ipados, Iphone Os

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 15.2
Apple Iphone Os	Before 15.2

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://support.apple.com/en-us/HT212976

Source: product-security@apple.com

https://support.apple.com/en-us/HT212976

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.