{"containers": {"cna": {"affected": [{"product": "iOS and iPadOS", "vendor": "Apple", "versions": [{"lessThan": "13.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "tvOS", "vendor": "Apple", "versions": [{"lessThan": "13.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Safari", "vendor": "Apple", "versions": [{"lessThan": "13.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iTunes for Windows", "vendor": "Apple", "versions": [{"lessThan": "12.10", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iCloud for Windows", "vendor": "Apple", "versions": [{"lessThan": "10.9", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iCloud for Windows", "vendor": "Apple", "versions": [{"lessThan": "7.17", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin."}], "problemTypes": [{"descriptions": [{"description": "A DOM object context may not have had a unique security origin", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-27T20:10:02.000Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210947"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210918"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210920"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210922"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210923"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT210948"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2020-3864", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iOS and iPadOS", "version": {"version_data": [{"version_affected": "<", "version_value": "13.3"}]}}, {"product_name": "tvOS", "version": {"version_data": [{"version_affected": "<", "version_value": "13.3"}]}}, {"product_name": "Safari", "version": {"version_data": [{"version_affected": "<", "version_value": "13.0"}]}}, {"product_name": "iTunes for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "12.10"}]}}, {"product_name": "iCloud for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "10.9"}]}}, {"product_name": "iCloud for Windows", "version": {"version_data": [{"version_affected": "<", "version_value": "7.17"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "A DOM object context may not have had a unique security origin"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT210947", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210947"}, {"name": "https://support.apple.com/en-us/HT210918", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210918"}, {"name": "https://support.apple.com/en-us/HT210920", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210920"}, {"name": "https://support.apple.com/en-us/HT210922", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210922"}, {"name": "https://support.apple.com/en-us/HT210923", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210923"}, {"name": "https://support.apple.com/en-us/HT210948", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT210948"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:44:51.250Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT210947"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT210918"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT210920"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT210922"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT210923"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT210948"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2020-3864", "datePublished": "2020-10-27T20:10:02.000Z", "dateReserved": "2019-12-18T00:00:00.000Z", "dateUpdated": "2024-08-04T07:44:51.250Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "matchCriteriaId": "65AF31B2-A5B2-4BF5-B534-B53BE79CDDA2", "versionEndExcluding": "7.17", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:icloud:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C5E0808C-91A5-4E50-A34F-31AB23B6F92F", "versionEndExcluding": "10.9.2", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*", "matchCriteriaId": "15CC59BB-5F0C-4381-A7E7-EFFCC01CC308", "versionEndExcluding": "12.10.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB81F563-28D4-425E-A81A-002557E23CF8", "versionEndExcluding": "13.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "3DD89B34-EA75-4559-A112-13B489B2502A", "versionEndExcluding": "13.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4BFEAAB-906E-4F49-A6DB-5717BADD8089", "versionEndExcluding": "13.3.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C2B3AC9-FAFE-4819-9538-A072B446BE78", "versionEndExcluding": "13.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin."}, {"lang": "es", "value": "Se abord\u00f3 un problema l\u00f3gico con una comprobaci\u00f3n mejorada.&#xa0;Este problema se corrigi\u00f3 en iCloud para Windows versi\u00f3n 7.17, iTunes versi\u00f3n 12.10.4 para Windows, iCloud para Windows versi\u00f3n 10.9.2, tvOS versi\u00f3n 13.3.1, Safari versi\u00f3n 13.0.5, iOS versi\u00f3n 13.3.1 y iPadOS versi\u00f3n 13.3.1.&#xa0;Es posible que un contexto de objeto DOM no haya tenido un origen de seguridad \u00fanico"}], "id": "CVE-2020-3864", "lastModified": "2024-11-21T05:31:51.653", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-27T21:15:15.167", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210918"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210920"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210922"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210923"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210947"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210948"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210918"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210920"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210922"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210923"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210947"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT210948"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:4035", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "webkitgtk4-0:2.28.2-2.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-29T00:00:00Z"}, {"advisory": "RHSA-2020:4451", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.28.4-1.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-04T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: Non-unique security origin for DOM object contexts", "id": "1876518", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1876518"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["A logic issue was addressed with improved validation. This issue is fixed in iCloud for Windows 7.17, iTunes 12.10.4 for Windows, iCloud for Windows 10.9.2, tvOS 13.3.1, Safari 13.0.5, iOS 13.3.1 and iPadOS 13.3.1. A DOM object context may not have had a unique security origin."], "name": "CVE-2020-3864", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2020-02-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-3864\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-3864\nhttps://webkitgtk.org/security/WSA-2020-0002.html"], "threat_severity": "Moderate"}

{}