CVE-2016-1774

CWE-284 — Improper Access Control4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.3%

top 45.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Server

Timeline

PublishedMar 24

Latest updateMay 17

Description

The Time Machine server in Server App in Apple OS X Server before 5.1 does not notify the user about ignored permissions during a backup, which makes it easier for remote attackers to obtain sensitive information in opportunistic circumstances by reading backup data that lacks intended restrictions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶NVDapple/mac_os_x_server5.0.15

🔴Vulnerability Details

GHSA

GHSA-qhvf-jhrw-6j38: The Time Machine server in Server App in Apple OS X Server before 5↗2022-05-17

▶

CVEList

CVE-2016-1774: The Time Machine server in Server App in Apple OS X Server before 5↗2016-03-24

▶

📋Vendor Advisories

Apple

CVE-2016-1774: OS X Server 5.1↗

▶