CVE-2020-9849
MEDIUMiCloud < 11.5 - Exposure of Sensitive Information via Improved State Management
Title source: llmDescription
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.
References (8)
Core 8
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211843
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211850
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211844
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211931
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211935
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT211952
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Dec/32
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
Scores
CVSS v3
6.5
EPSS
0.0208
EPSS Percentile
79.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (6)
apple/icloud
< 11.5
apple/ipados
< 14.0
apple/itunes
12.0.0 - 12.10.9
apple/macos
< 11.0.1
apple/tvos
< 14.0
apple/watchos
< 7.0
Published
Dec 08, 2020
Tracked Since
Feb 18, 2026