CVE-2018-4293 - OpenCVE

A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Icloud Iphone Os Itunes Mac Os X Tvos Watchos
Microsoft	Windows

Configuration 1 [-]

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

Configuration 2 [-]

AND

OR	cpe:2.3:a:apple:icloud::::::::
	cpe:2.3:a:apple:itunes::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.apple.com/kb/HT208932
https://support.apple.com/kb/HT208933
https://support.apple.com/kb/HT208935
https://support.apple.com/kb/HT208936
https://support.apple.com/kb/HT208937
https://support.apple.com/kb/HT208938

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2019-04-03T17:43:14

Updated: 2024-08-05T05:11:22.358Z

Reserved: 2018-01-02T00:00:00

Link: CVE-2018-4293

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-04-03T18:29:05.737

Modified: 2019-04-05T14:45:22.267

Link: CVE-2018-4293

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "iOS, macOS, tvOS, watchOS, iTunes for Windows, iCloud for Windows", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions prior to: iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6"}]}], "descriptions": [{"lang": "en", "value": "A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6."}], "problemTypes": [{"descriptions": [{"description": "Cookies may unexpectedly persist in Safari", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-03T17:43:14", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208933"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208937"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208938"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208935"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208936"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT208932"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2018-4293", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iOS, macOS, tvOS, watchOS, iTunes for Windows, iCloud for Windows", "version": {"version_data": [{"version_value": "Versions prior to: iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cookies may unexpectedly persist in Safari"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/kb/HT208933", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208933"}, {"name": "https://support.apple.com/kb/HT208937", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208937"}, {"name": "https://support.apple.com/kb/HT208938", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208938"}, {"name": "https://support.apple.com/kb/HT208935", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208935"}, {"name": "https://support.apple.com/kb/HT208936", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208936"}, {"name": "https://support.apple.com/kb/HT208932", "refsource": "MISC", "url": "https://support.apple.com/kb/HT208932"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:11:22.358Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT208933"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT208937"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT208938"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT208935"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT208936"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT208932"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2018-4293", "datePublished": "2019-04-03T17:43:14", "dateReserved": "2018-01-02T00:00:00", "dateUpdated": "2024-08-05T05:11:22.358Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "717822F6-6246-4D7C-BF1E-0A0A2A105B7B", "versionEndExcluding": "11.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "84791309-ABCF-4701-B4BB-01EDFD6E8E8B", "versionEndExcluding": "10.13.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "232180F0-DF72-4DE7-8DF8-7CE0D7771406", "versionEndExcluding": "11.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "610C68B9-9ADA-4FDC-9C3E-31F9F4E0063D", "versionEndExcluding": "4.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*", "matchCriteriaId": "B45B035E-E267-4CC0-875D-35B45E86A72C", "versionEndExcluding": "7.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "matchCriteriaId": "50F3E6C3-A7EA-4F63-A5F2-659FA32766E6", "versionEndExcluding": "12.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A cookie management issue was addressed with improved checks. This issue affected versions prior to iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 for Windows, iCloud for Windows 7.6."}, {"lang": "es", "value": "Un problema de gesti\u00f3n de cookie se abord\u00f3 con comprobaciones mejoradas. El problema afectaba a versiones anteriores a iOS 11.4.1, macOS High Sierra 10.13.6, tvOS 11.4.1, watchOS 4.3.2, iTunes 12.8 para Windows, iCloud para Windows 7.6."}], "id": "CVE-2018-4293", "lastModified": "2019-04-05T14:45:22.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-03T18:29:05.737", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208932"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208933"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208935"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208936"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208937"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT208938"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}