CVE-2015-7032

CWE-200 — Information Exposure5 documents5 sources

Severity

4.3MEDIUM

EPSS

0.7%

top 27.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iwork Apple Keynote Apple Numbers +1 more

Timeline

PublishedOct 18

Latest updateMay 17

Description

The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted document.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDapple/iwork2.5.4

▶NVDapple/pages5.5.3

▶NVDapple/keynote6.5

▶NVDapple/numbers3.5

🔴Vulnerability Details

GHSA

GHSA-5wxw-67wh-rggh: The Apple iWork application before 2↗2022-05-17

▶

CVEList

CVE-2015-7032: The Apple iWork application before 2↗2015-10-18

▶

💥Exploits & PoCs

Exploit-DB

Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XML External Entity↗2015-08-12

▶

📋Vendor Advisories

Apple

CVE-2015-7032: Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6↗

▶