CVE-2022-22654Improper Input Validation in Apple Safari

CWE-20Improper Input Validation5 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 55.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple SafariApple Watchos
Timeline
PublishedMar 18
Latest updateMar 19

Description

A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5apple/safariunspecified15.4
NVDapple/safari< 15.4
CVEListV5apple/watchosunspecified8.5
NVDapple/watchos< 8.5

🔴Vulnerability Details

2
GHSA
GHSA-3cr4-xm57-685p: A user interface issue was addressed2022-03-19
CVEList
CVE-2022-22654: A user interface issue was addressed2022-03-18

📋Vendor Advisories

2
Apple
CVE-2022-22654: Safari 15.42022-03-15
Apple
CVE-2022-22654: watchOS 8.52022-03-14
CVE-2022-22654 — Improper Input Validation in Apple | cvebase