[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-4499Date: (C)2015-01-30   (M)2024-02-22


The App Store process in CommerceKit Framework in Apple OS X before 10.10.2 places Apple ID credentials in App Store logs, which allows local users to obtain sensitive information by reading a file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1031650
APPLE-SA-2015-01-27-4
http://support.apple.com/HT204244

CPE    1
cpe:/o:apple:mac_os_x
CWE    1
CWE-200
OVAL    2
oval:org.secpod.oval:def:23403
oval:org.secpod.oval:def:23401

© SecPod Technologies