CVE-2021-1797

Опубликовано: 02 апр. 2021

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files.

Ссылки

http://seclists.org/fulldisclosure/2021/Apr/51
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT212146
Vendor Advisory
https://support.apple.com/en-us/HT212147
Vendor Advisory
https://support.apple.com/en-us/HT212148
Vendor Advisory
https://support.apple.com/en-us/HT212149
Vendor Advisory
https://support.apple.com/kb/HT212326
Vendor Advisory
https://support.apple.com/kb/HT212327
Vendor Advisory
http://seclists.org/fulldisclosure/2021/Apr/51
Mailing List
Third Party Advisory
https://support.apple.com/en-us/HT212146
Vendor Advisory
https://support.apple.com/en-us/HT212147
Vendor Advisory
https://support.apple.com/en-us/HT212148
Vendor Advisory
https://support.apple.com/en-us/HT212149
Vendor Advisory
https://support.apple.com/kb/HT212326
Vendor Advisory
https://support.apple.com/kb/HT212327
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*

Версия до 14.4 (исключая)

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 14.4 (исключая)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия до 10.14.6 (исключая)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия от 10.15 (включая) до 10.15.7 (исключая)

cpe:2.3:o:apple:mac_os_x:10.14.6:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Версия от 11.0.1 (включая) до 11.2 (исключая)

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

Версия до 14.4 (исключая)

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Версия до 7.3 (исключая)

EPSS

Процентиль: 29%

0.00104

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-3973-4x54-vxm4

github

больше 3 лет назад

EPSS

Процентиль: 29%

0.00104

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

NVD-CWE-noinfo