CVE-2020-3864 - OpenCVE

A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Tvos Icloud Safari Itunes Ipados
Redhat	Enterprise Linux Desktop Enterprise Linux Workstation Enterprise Linux Server

Configuration 1 [-]

OR	cpe:2.3:a:apple:icloud::::::windows::*
	cpe:2.3:a:apple:icloud::::::windows::*
	cpe:2.3:a:apple:itunes::::::windows::*
	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:tvos::::::::

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

References

Link	Resource
https://support.apple.com/en-us/HT210918	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT210920	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT210922	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT210923	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT210947	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT210948	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2020-10-27T20:10:02

Updated: 2020-10-27T20:10:02

Reserved: 2019-12-18T00:00:00

Link: CVE-2020-3864

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-10-27T21:15:15.167

Modified: 2021-05-18T13:20:44.087

Link: CVE-2020-3864

JSON object: View

Redhat Information

No data.

CWE

CWE-346

{"containers": {"cna": {"affected": [{"product": "iOS and iPadOS", "vendor": "Apple", "versions": [{"lessThan": "13.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "tvOS", "vendor": "Apple", "versions": [{"lessThan": "13.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Safari", "vendor": "Apple", "versions": [{"lessThan": "13.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iTunes for Windows", "vendor": "Apple", "versions": [{"lessThan": "12.10", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iCloud for Windows", "vendor": "Apple", "versions": [{"lessThan": "10.9", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iCloud for Windows", "vendor": "Apple", "versions": [{"lessThan": "7.17", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin."}], "problemTypes": [{"descriptions": [{"description": "A DOM object context may not have had a unique security origin", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-27T20:10:02", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210947"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210918"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210920"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210922"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210923"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210948"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2020-3864", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iOS and iPadOS", "version": {"version_data": [{"version_affected": "<", "version_value": "13.3"}]}}, {"product_name": "tvOS", "version": {"version_data": [{"version_affected": "<", "version_value": "13.3"}]}}, {"product_name": "Safari", "version": {"version_data": [{"version_affected": "<", "version_value": "13.0"}]}}, {"product_name": "iTunes for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "12.10"}]}}, {"product_name": "iCloud for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "10.9"}]}}, {"product_name": "iCloud for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "7.17"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "A DOM object context may not have had a unique security origin"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT210947", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210947"}, {"name": "https://support.apple.com/en-us/HT210918", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210918"}, {"name": "https://support.apple.com/en-us/HT210920", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210920"}, {"name": "https://support.apple.com/en-us/HT210922", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210922"}, {"name": "https://support.apple.com/en-us/HT210923", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210923"}, {"name": "https://support.apple.com/en-us/HT210948", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210948"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2020-3864", "datePublished": "2020-10-27T20:10:02", "dateReserved": "2019-12-18T00:00:00", "dateUpdated": "2020-10-27T20:10:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "matchCriteriaId": "65AF31B2-A5B2-4BF5-B534-B53BE79CDDA2", "versionEndExcluding": "7.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C5E0808C-91A5-4E50-A34F-31AB23B6F92F", "versionEndExcluding": "10.9.2", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "matchCriteriaId": "15CC59BB-5F0C-4381-A7E7-EFFCC01CC308", "versionEndExcluding": "12.10.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB81F563-28D4-425E-A81A-002557E23CF8", "versionEndExcluding": "13.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DD89B34-EA75-4559-A112-13B489B2502A", "versionEndExcluding": "13.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4BFEAAB-906E-4F49-A6DB-5717BADD8089", "versionEndExcluding": "13.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C2B3AC9-FAFE-4819-9538-A072B446BE78", "versionEndExcluding": "13.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin."}, {"lang": "es", "value": "Se abord\u00f3 un problema l\u00f3gico con una comprobaci\u00f3n mejorada. Este problema se corrigi\u00f3 en iCloud para Windows versi\u00f3n 7.17, iTunes versi\u00f3n 12.10.4 para Windows, iCloud para Windows versi\u00f3n 10.9.2, tvOS versi\u00f3n 13.3.1, Safari versi\u00f3n 13.0.5, iOS versi\u00f3n 13.3.1 y iPadOS versi\u00f3n 13.3.1. Es posible que un contexto de objeto DOM no haya tenido un origen de seguridad \u00fanico"}], "id": "CVE-2020-3864", "lastModified": "2021-05-18T13:20:44.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-27T21:15:15.167", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210918"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210920"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210922"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210923"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210947"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210948"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "nvd@nist.gov", "type": "Primary"}]}