CVE-2015-5920Apple Itunes vulnerability

4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 46.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Itunes
Timeline
PublishedSep 18
Latest updateMay 17

Description

The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDapple/itunes12.2

🔴Vulnerability Details

2
GHSA
GHSA-wv3h-xgxp-x2j3: The Software Update component in Apple iTunes before 122022-05-17
CVEList
CVE-2015-5920: The Software Update component in Apple iTunes before 122015-09-18

📋Vendor Advisories

1
Apple
CVE-2015-5920: iTunes 12.3
CVE-2015-5920 — Apple Itunes vulnerability | cvebase