CVE-2019-8834
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/10/2020
Last modified:
30/10/2020
Description
A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list.
Impact
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:* | 7.16 (excluding) | |
| cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:* | 10.0 (including) | 10.9 (excluding) |
| cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:* | 12.10.3 (excluding) | |
| cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* | 13.3 (excluding) | |
| cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* | 13.3 (excluding) | |
| cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* | 10.15.2 (excluding) | |
| cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* | 13.3 (excluding) | |
| cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* | 6.1.1 (excluding) |
To consult the complete list of CPE names with products and versions, see this page