CVE-2022-26773

CWE-2854 documents4 sources
Severity
7.1HIGH
EPSS
0.2%
top 51.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple Itunes FOR WindowsApple Itunes
Timeline
PublishedMay 26
Latest updateMay 27

Description

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5apple/itunes_for_windowsunspecified12.12
NVDapple/itunes< 12.12.4

🔴Vulnerability Details

2
GHSA
GHSA-j99f-3mvg-4m4r: A logic issue was addressed with improved state management2022-05-27
CVEList
CVE-2022-26773: A logic issue was addressed with improved state management2022-05-26

📋Vendor Advisories

1
Apple
CVE-2022-26773: iTunes 12.12.4 for Windows2022-05-18
CVE-2022-26773 (HIGH CVSS 7.1) | A logic issue was addressed with im | cvebase.io