CVE-2020-3859 — Sensitive Information Exposure in Apple Ipados

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

2.4LOWNVD

EPSS

0.2%

top 63.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Ipados Apple Iphone OS

Timeline

PublishedFeb 27

Latest updateMay 24

Description

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages3 packages

▶NVDapple/ipados< 13.3.1

▶CVEListV5apple/iosunspecified — iOS 13.3.1 and iPadOS 13.3.1

▶NVDapple/iphone_os< 13.3.1

🔴Vulnerability Details

GHSA

GHSA-wr3w-xwj9-q2gq: An inconsistent user interface issue was addressed with improved state management↗2022-05-24

▶

CVEList

CVE-2020-3859: An inconsistent user interface issue was addressed with improved state management↗2020-02-27

▶