Vulnerability Details : CVE-2021-33596
Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. Exploiting the vulnerability requires the user to click on a specially crafted, seemingly legitimate URL containing an embedded malicious redirect while using F-Secure Safe Browser for iOS.
Products affected by CVE-2021-33596
- cpe:2.3:a:f-secure:safe:*:*:*:*:*:iphone_os:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-33596
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 28 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-33596
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
3.5
|
LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
6.8
|
2.9
|
NIST | |
|
3.5
|
LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
2.1
|
1.4
|
F-Secure | |
|
4.1
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N |
2.3
|
1.4
|
NIST |
CWE ids for CVE-2021-33596
-
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-33596
-
https://www.f-secure.com/en/business/support-and-downloads/security-advisories
Security advisories | F-SecureVendor Advisory
-
https://www.f-secure.com/en/business/support-and-downloads/security-advisories/cve-2021-33596
CVE-2021-33596 | F-SecureVendor Advisory
-
https://www.f-secure.com/en/business/programs/vulnerability-reward-program/hall-of-fame
Hall of Fame | F-SecureVendor Advisory
Jump to