CVE-2019-8834 Information

Feb 14, 2021 cve

Description

A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3 watchOS 6.1.1 iCloud for Windows 10.9 macOS Catalina 10.15.2 Security Update 2019-002 Mojave and Security Update 2019-007 High Sierra iOS 13.3 and iPadOS 13.3 iTunes 12.10.3 for Windows iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Reference

https://support.apple.com/en-us/HT210785 https://support.apple.com/en-us/HT210788 https://support.apple.com/en-us/HT210789 https://support.apple.com/en-us/HT210790 https://support.apple.com/en-us/HT210793 https://support.apple.com/en-us/HT210794 https://support.apple.com/en-us/HT210795

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

4.3

Share on: