CVE-2020-27895Sensitive Information Exposure in Apple Itunes FOR Windows

CWE-200Sensitive Information Exposure3 documents3 sources
Severity
3.3LOWNVD
EPSS
0.2%
top 61.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Itunes FOR WindowsApple Itunes
Timeline
PublishedDec 8
Latest updateMay 24

Description

An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious application may be able to access local users Apple IDs.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5apple/itunes_for_windowsunspecified12.11
NVDapple/itunes< 12.11

🔴Vulnerability Details

2
GHSA
GHSA-2w49-pm36-8jp5: An information disclosure issue existed in the transition of program state2022-05-24
CVEList
CVE-2020-27895: An information disclosure issue existed in the transition of program state2020-12-08
CVE-2020-27895 — Sensitive Information Exposure | cvebase