CVE-2008-3634 — Sensitive Information Exposure in Apple Itunes

CWE-200 — Sensitive Information Exposure2 documents2 sources

Severity

2.6LOWNVD

EPSS

0.3%

top 48.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Itunes

Timeline

PublishedSep 11

Latest updateMay 2

Description

Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDapple/itunes7.7.1+43

Patches

Patch: lists.apple.com ↗Patch: www.securityfocus.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-v2g8-mp79-j2h2: Apple iTunes before 8↗2022-05-02

▶