CVE-2009-2192 - OpenCVE

MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Mac Os X Mac Os X Server

Configuration 1 [-]

OR	cpe:2.3:a:apple:mac_os_x:10.5.6:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.0:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.1:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.2:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.2:2008-002::::::
	cpe:2.3:o:apple:mac_os_x:10.5.3:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.4:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.5:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.6:::::::*
	cpe:2.3:o:apple:mac_os_x:10.5.7:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.0:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.1:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.2:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.3:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.4:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.5:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.6:::::::*
	cpe:2.3:o:apple:mac_os_x_server:10.5.7:::::::*

No data.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
http://osvdb.org/56839
http://secunia.com/advisories/36096
http://support.apple.com/kb/HT3757
http://www.securityfocus.com/bid/35954
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
http://www.vupen.com/english/advisories/2009/2172
https://exchange.xforce.ibmcloud.com/vulnerabilities/52432

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-08-06T16:00:00

Updated: 2024-08-07T05:44:55.921Z

Reserved: 2009-06-24T00:00:00

Link: CVE-2009-2192

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-08-06T16:30:00.407

Modified: 2017-08-17T01:30:41.523

Link: CVE-2009-2192

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object