Vulnerability Details : CVE-2019-8898
An information disclosure issue existed in the handling of the Storage Access API. This issue was addressed with improved logic. This issue is fixed in iOS 13.3 and iPadOS 13.3, tvOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows. Visiting a maliciously crafted website may reveal sites a user has visited.
Vulnerability category: Information leak
Products affected by CVE-2019-8898
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-8898
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 43 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-8898
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
2.8
|
1.4
|
NIST |
References for CVE-2019-8898
-
https://support.apple.com/en-us/HT210792
About the security content of Safari 13.0.4 - Apple SupportRelease Notes;Vendor Advisory
-
https://support.apple.com/en-us/HT210793
About the security content of iTunes 12.10.3 for Windows - Apple SupportRelease Notes;Vendor Advisory
-
https://support.apple.com/en-us/HT210790
About the security content of tvOS 13.3 - Apple SupportRelease Notes;Vendor Advisory
-
https://support.apple.com/en-us/HT210785
About the security content of iOS 13.3 and iPadOS 13.3 - Apple SupportRelease Notes;Vendor Advisory
Jump to