CVE-2018-4397 - OpenCVE

Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Apple Support Iphone Os

Configuration 1 [-]

AND

cpe:2.3:a:apple:apple_support:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.apple.com/kb/HT209117

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2019-04-03T17:43:19

Updated: 2024-08-05T05:11:22.900Z

Reserved: 2018-01-02T00:00:00

Link: CVE-2018-4397

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-04-03T18:29:13.033

Modified: 2019-04-05T15:30:59.607

Link: CVE-2018-4397

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Apple Support app", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions prior to: Apple Support for iOS 2.4"}]}], "descriptions": [{"lang": "en", "value": "Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS."}], "problemTypes": [{"descriptions": [{"description": "An attacker in a privileged network position may be able to intercept analytics data sent to Apple", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-03T17:43:19", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/kb/HT209117"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2018-4397", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apple Support app", "version": {"version_data": [{"version_value": "Versions prior to: Apple Support for iOS 2.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "An attacker in a privileged network position may be able to intercept analytics data sent to Apple"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/kb/HT209117", "refsource": "MISC", "url": "https://support.apple.com/kb/HT209117"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:11:22.900Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/kb/HT209117"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2018-4397", "datePublished": "2019-04-03T17:43:19", "dateReserved": "2018-01-02T00:00:00", "dateUpdated": "2024-08-05T05:11:22.900Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:apple_support:*:*:*:*:*:*:*:*", "matchCriteriaId": "90FEFFDA-399C-4692-BBBA-A5181D0D6998", "versionEndExcluding": "2.4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS."}, {"lang": "es", "value": "Se enviaron datos de an\u00e1lisis utilizando HTTP en vez de HTTPS. Este problema se abord\u00f3 enviando datos de anal\u00edsis mediante HTTPS. Este problema afectaba a Apple Support para iOS en versiones anteriores a la 2.4."}], "id": "CVE-2018-4397", "lastModified": "2019-04-05T15:30:59.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-03T18:29:13.033", "references": [{"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/kb/HT209117"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}