CVE-2021-33595

Опубликовано: 11 авг. 2021

Источник: nvd

CVSS3: 3.5

CVSS2: 3.5

EPSS Низкий

Описание

A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address bar spoofing attack.

Ссылки

https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame
Vendor Advisory
https://www.f-secure.com/en/business/support-and-downloads/security-advisories
Vendor Advisory
https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33595
Vendor Advisory
https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame
Vendor Advisory
https://www.f-secure.com/en/business/support-and-downloads/security-advisories
Vendor Advisory
https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33595
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:f-secure:safe:*:*:*:*:*:iphone_os:*:*

Версия до 18.4.272901 (исключая)

EPSS

Процентиль: 53%

0.00303

Низкий

3.5 Low

CVSS3

3.5 Low

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-9crg-g7r6-784v

github

больше 3 лет назад

EPSS

Процентиль: 53%

0.00303

Низкий

3.5 Low

CVSS3

3.5 Low

CVSS2

Дефекты

NVD-CWE-Other