CVE-2014-4446
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
18/10/2014
Last modified:
12/04/2025
Description
Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator.
Impact
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:apple:os_x_server:*:*:*:*:*:*:*:* | 3.1.2 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
- http://www.securitytracker.com/id/1031071
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97645
- https://support.apple.com/kb/HT6536
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
- http://www.securitytracker.com/id/1031071
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97645
- https://support.apple.com/kb/HT6536