CVE-2021-46841

{"id": "CVE-2021-46841", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2023-02-27T20:15:11.233", "references": [{"url": "https://support.apple.com/en-us/HT213472", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT213472", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity."}, {"lang": "es", "value": "Este problema se solucion\u00f3 mediante el uso de HTTPS al enviar informaci\u00f3n a trav\u00e9s de la red. Se soluciona en la versi\u00f3n 3.5.0 de Apple Music para Android. Un atacante en una posici\u00f3n privilegiada en la red puede rastrear la actividad de un usuario."}], "lastModified": "2024-11-21T06:34:47.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:music:3.5.0:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "89168BB2-EFAA-4793-B9F1-32A30AFF4462"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}