CVE-2019-8512Incorrect Authorization in Apple IOS

CWE-863Incorrect Authorization4 documents4 sources
Severity
5.7MEDIUMNVD
EPSS
0.2%
top 61.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple IOSApple Iphone OS
Timeline
PublishedDec 18
Latest updateMay 24

Description

This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages2 packages

CVEListV5apple/iosunspecifiediOS 12.2
NVDapple/iphone_os< 12.2

🔴Vulnerability Details

2
GHSA
GHSA-gvrh-2c6r-qpvw: This issue was addressed with improved transparency2022-05-24
CVEList
CVE-2019-8512: This issue was addressed with improved transparency2019-12-18

📋Vendor Advisories

1
Apple
CVE-2019-8512: iOS 12.22019-03-25
CVE-2019-8512 — Incorrect Authorization in Apple IOS | cvebase