CVE-2018-4137
published 2018-04-03CVE-2018-4137: An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill"…
PriorityP337high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
0.35%
57.6th percentile
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | < 11.3 | 11.3 |
| apple | safari | < 11.1 | 11.1 |
| apple | safari | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Apple
CVE-2018-4137: iOS 11.3
vendor_apple·2018-03-29·CVSS 7.5
CVE-2018-4137 [HIGH] CVE-2018-4137: iOS 11.3
Apple Security Update: About the security content of iOS 11.3
Product: iOS
Version: 11.3
CVE: CVE-2018-4137
Component: CVE-2018-4137
Apple
CVE-2018-4137: Safari 11.1
vendor_apple·2018-03-29·CVSS 7.5
CVE-2018-4137 [HIGH] CVE-2018-4137: Safari 11.1
Apple Security Update: About the security content of Safari 11.1
Product: Safari
Version: 11.1
CVE: CVE-2018-4137
Component: CVE-2018-4137
GHSA
GHSA-rjmm-wchx-p828: An issue was discovered in certain Apple products
ghsa_unreviewed·2022-05-14
CVE-2018-4137 [HIGH] CWE-200 GHSA-rjmm-wchx-p828: An issue was discovered in certain Apple products
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-04-03
Published