CVE-2015-3784 — Sensitive Information Exposure in Apple Iphone OS

CWE-200 — Sensitive Information Exposure7 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.9%

top 24.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

6

Apple Iphone OS Apple Iwork Apple Keynote +3 more

Timeline

PublishedAug 16

Latest updateMay 17

Description

Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

▶NVDapple/iwork2.5.4

▶NVDapple/pages5.5.3

▶NVDapple/keynote6.5

▶NVDapple/numbers3.5

▶NVDapple/mac_os_x10.10.4

🔴Vulnerability Details

2

GHSA

GHSA-ghj5-59w9-356m: Office Viewer in Apple iOS before 8↗2022-05-17

▶

CVEList

CVE-2015-3784: Office Viewer in Apple iOS before 8↗2015-08-16

▶

📋Vendor Advisories

4

Apple

CVE-2015-3784: OS X Yosemite v10.10.5 and Security Update 2015-006↗

▶

Apple

CVE-2015-3784: Apple TV 7.2.1↗

▶

Apple

CVE-2015-3784: Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6↗

▶

Apple

CVE-2015-3784: iOS 8.4.1↗

▶

CVE-2015-3784 — Sensitive Information Exposure in Apple | cvebase