CVE-2020-3873 — Incorrect Authorization in Apple Ipados

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

3.3LOWNVD

EPSS

0.2%

top 63.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Ipados Apple Iphone OS

Timeline

PublishedFeb 27

Latest updateMay 24

Description

This issue was addressed with improved setting propagation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Turning off "Load remote content in messages” may not apply to all mail previews.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

▶NVDapple/ipados< 13.3.1

▶CVEListV5apple/iosunspecified — iOS 13.3.1 and iPadOS 13.3.1

▶NVDapple/iphone_os< 13.3.1

🔴Vulnerability Details

GHSA

GHSA-gm62-vfww-h3xp: This issue was addressed with improved setting propagation↗2022-05-24

▶

CVEList

CVE-2020-3873: This issue was addressed with improved setting propagation↗2020-02-27

▶