CVE-2021-30744 - OpenCVE

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Watchos Tvos Ipados Safari Macos

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

References

Link	Resource
https://support.apple.com/en-us/HT212528	Vendor Advisory
https://support.apple.com/en-us/HT212529	Vendor Advisory
https://support.apple.com/en-us/HT212532	Vendor Advisory
https://support.apple.com/en-us/HT212533	Vendor Advisory
https://support.apple.com/en-us/HT212534	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2021-09-08T13:44:09

Updated: 2021-09-08T13:44:09

Reserved: 2021-04-13T00:00:00

Link: CVE-2021-30744

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-08T14:15:09.640

Modified: 2023-01-09T16:41:59.350

Link: CVE-2021-30744

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "iOS and iPadOS", "vendor": "Apple", "versions": [{"lessThan": "14.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "11.4", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "14.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "7.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "14.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting."}], "problemTypes": [{"descriptions": [{"description": "Processing maliciously crafted web content may lead to universal cross site scripting", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-08T13:44:09", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212528"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212529"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212532"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212533"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212534"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2021-30744", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iOS and iPadOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.6"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.4"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.6"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "7.5"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.1"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing maliciously crafted web content may lead to universal cross site scripting"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT212528", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212528"}, {"name": "https://support.apple.com/en-us/HT212529", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212529"}, {"name": "https://support.apple.com/en-us/HT212532", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212532"}, {"name": "https://support.apple.com/en-us/HT212533", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212533"}, {"name": "https://support.apple.com/en-us/HT212534", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212534"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2021-30744", "datePublished": "2021-09-08T13:44:09", "dateReserved": "2021-04-13T00:00:00", "dateUpdated": "2021-09-08T13:44:09", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFDA8CE0-8F2C-4FA7-91F8-A720F56EBC5D", "versionEndExcluding": "14.1.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "168B0313-B7B6-4CD5-AD4F-C133050498BF", "versionEndExcluding": "14.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1BB03E7-7DC3-404B-AD37-78849BE46420", "versionEndExcluding": "14.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "391D9971-3C67-4B94-9AF2-1D4D23DAF95F", "versionEndExcluding": "11.4", "versionStartIncluding": "11.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "9076D8C8-70CD-4DE5-8BAE-8CA6A5BEDDB3", "versionEndExcluding": "14.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD3B375C-0996-4A6E-AB14-D8A7561F1DFC", "versionEndExcluding": "7.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting."}, {"lang": "es", "value": "Descripci\u00f3n: Se abord\u00f3 un problema de origen cruzado con elementos iframe con un seguimiento de los or\u00edgenes de seguridad mejorados. Este problema se corrigi\u00f3 en tvOS versi\u00f3n 14.6, iOS versi\u00f3n 14.6 e iPadOS versi\u00f3n 14.6, Safari versi\u00f3n 14.1.1, macOS Big Sur versi\u00f3n 11.4, watchOS versi\u00f3n 7.5. El procesamiento de contenido web maliciosamente dise\u00f1ado puede conllevar un cross site scripting universal"}], "id": "CVE-2021-30744", "lastModified": "2023-01-09T16:41:59.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-08T14:15:09.640", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212528"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212529"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212532"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212533"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212534"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}