CVE-2014-4357 — Sensitive Information Exposure in Apple Iphone OS

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

2.1LOWNVD

OSV7.5

EPSS

0.1%

top 77.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Eglibc Apple Iphone OS Apple Tvos

Timeline

PublishedSep 18

Latest updateMay 14

Description

Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶NVDapple/tvos6.2+6

▶NVDapple/iphone_os7.1.2+9

▶Ubuntueglibc/eglibc< 2.19-0ubuntu6.1

🔴Vulnerability Details

GHSA

GHSA-3g98-7765-crq2: Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not inten↗2022-05-14

▶

OSV

eglibc vulnerabilities↗2014-08-04

▶