CVE-2020-9982

{"id": "CVE-2020-9982", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2020-10-27T21:15:16.040", "references": [{"url": "https://support.apple.com/en-us/HT211898", "tags": ["Release Notes", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT211898", "tags": ["Release Notes", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Apple Music 3.4.0 for Android. A malicious application may be able to leak a user's credentials."}, {"lang": "es", "value": "Este problema se abord\u00f3 con comprobaciones mejoradas para impedir acciones no autorizadas. Este problema se corrigi\u00f3 en Apple Music versi\u00f3n 3.4.0 para Android. Una aplicaci\u00f3n maliciosa puede ser capaz de filtrar las credenciales de un usuario"}], "lastModified": "2024-11-21T05:41:38.427", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:music:3.4.0:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "60251CE7-78F0-4A53-AD18-89C4CF777C2D"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}