CVE-2024-40862

A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine the Apple ID of the owner of the computer.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/121239	Vendor Advisory
http://seclists.org/fulldisclosure/2024/Sep/38

Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*

History

04 Nov 2025, 17:16

Type	Values Removed	Values Added
References		() http://seclists.org/fulldisclosure/2024/Sep/38 -

12 Dec 2024, 15:13

Type	Values Removed	Values Added
CPE		cpe:2.3:a:apple:xcode::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 5.3
CWE		NVD-CWE-noinfo
References	~~() https://support.apple.com/en-us/121239 -~~	() https://support.apple.com/en-us/121239 - Vendor Advisory
First Time		Apple Apple xcode

Information

Published : 2024-09-17 00:15

Updated : 2025-11-04 17:16

NVD link : CVE-2024-40862

Mitre link : CVE-2024-40862

CVE.ORG link : CVE-2024-40862

JSON object : View

Products Affected

apple

xcode

CWE

NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-40862", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-09-17T00:15:49.743", "references": [{"url": "https://support.apple.com/en-us/121239", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://seclists.org/fulldisclosure/2024/Sep/38", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A privacy issue was addressed by removing sensitive data. This issue is fixed in Xcode 16. An attacker may be able to determine the Apple ID of the owner of the computer."}, {"lang": "es", "value": "Se solucion\u00f3 un problema de privacidad eliminando datos confidenciales. Este problema se solucion\u00f3 en Xcode 16. Un atacante podr\u00eda determinar el ID de Apple del propietario del ordenador."}], "lastModified": "2025-11-04T17:16:02.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6894DFF1-7930-4DF7-88CF-EB6C7E36336F", "versionEndExcluding": "16.0"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}