CVE-2014-4425

{"id": "CVE-2014-4425", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-10-18T01:55:12.933", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", "source": "product-security@apple.com"}, {"url": "http://www.securityfocus.com/bid/70630", "source": "product-security@apple.com"}, {"url": "http://www.securitytracker.com/id/1031063", "source": "product-security@apple.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97640", "source": "product-security@apple.com"}, {"url": "https://support.apple.com/kb/HT6535", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/70630", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1031063", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97640", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.apple.com/kb/HT6535", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "CFPreferences in Apple OS X before 10.10 does not properly enforce the \"require password after sleep or screen saver begins\" setting, which makes it easier for physically proximate attackers to obtain access by leveraging an unattended workstation."}, {"lang": "es", "value": "CFPreferences en Apple OS X anterior a 10.10 no fuerza correctamente la configuraci\u00f3n 'requerir contrase\u00f1a tras el comienzo del reposo o salvapantallas', lo que facilita a atacantes f\u00edsicamente pr\u00f3ximos obtener acceso a una estaci\u00f3n de trabajo desatendida."}], "lastModified": "2024-11-21T02:10:10.113", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C3A0363-F05A-49C3-A9D2-E4F31B60CD4D", "versionEndIncluding": "10.9.5"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}