CVE-2024-44212

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-44212
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.apple.com/en-us/121563 Vendor Advisory
https://support.apple.com/en-us/121565 Vendor Advisory
https://support.apple.com/en-us/121566 Vendor Advisory
https://support.apple.com/en-us/121569 Vendor Advisory
https://support.apple.com/en-us/121571 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
History

13 Dec 2024, 18:51

Type Values Removed Values Added
CPE cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
Summary
  • (es) Se solucionó un problema de administración de cookies mejorando la administración del estado. Este problema se solucionó en Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 y iPadOS 18.1, watchOS 11.1. Las cookies que pertenecen a un origen pueden enviarse a otro origen.
CWE CWE-346
References () https://support.apple.com/en-us/121563 - () https://support.apple.com/en-us/121563 - Vendor Advisory
References () https://support.apple.com/en-us/121565 - () https://support.apple.com/en-us/121565 - Vendor Advisory
References () https://support.apple.com/en-us/121566 - () https://support.apple.com/en-us/121566 - Vendor Advisory
References () https://support.apple.com/en-us/121569 - () https://support.apple.com/en-us/121569 - Vendor Advisory
References () https://support.apple.com/en-us/121571 - () https://support.apple.com/en-us/121571 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3
First Time Apple ipados
Apple iphone Os
Apple safari
Apple
Apple visionos
Apple watchos
Apple tvos

12 Dec 2024, 02:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-12-12 02:15

Updated : 2024-12-20 19:15

NVD link : CVE-2024-44212

Mitre link : CVE-2024-44212

CVE.ORG link : CVE-2024-44212

JSON object : View

Products Affected

apple

  • visionos
  • safari
  • iphone_os
  • watchos
  • ipados
  • tvos
CWE
CWE-346

Origin Validation Error