CVE-2022-32849

CWE-200Information Exposure9 documents4 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 76.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple MacosApple TvosApple Ipados+2 more
Timeline
PublishedSep 23
Latest updateOct 24

Description

An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

CVEListV5apple/macosunspecified12.5+2
NVDapple/macos11.011.6.8+1
NVDapple/mac_os_x< 10.15.7+1
CVEListV5apple/tvosunspecified15.6
NVDapple/tvos< 15.6

🔴Vulnerability Details

2
GHSA
GHSA-79xc-f76g-hpg4: An information disclosure issue was addressed by removing the vulnerable code2022-09-25
CVEList
CVE-2022-32849: An information disclosure issue was addressed by removing the vulnerable code2022-09-23

📋Vendor Advisories

6
Apple
CVE-2022-32849: macOS Ventura 132022-10-24
Apple
CVE-2022-32849: macOS Monterey 12.52022-07-20
Apple
CVE-2022-32849: Security Update 2022-005 Catalina2022-07-20
Apple
CVE-2022-32849: iOS 15.6 and iPadOS 15.62022-07-20
Apple
CVE-2022-32849: tvOS 15.62022-07-20
CVE-2022-32849 (MEDIUM CVSS 5.5) | An information disclosure issue was | cvebase.io