CVE-2022-46692

CWE-34515 documents9 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 97.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
Apple Icloud FOR WindowsApple TvosApple Watchos+5 more
Timeline
PublishedDec 15
Latest updateJan 9

Description

A logic issue was addressed with improved state management. This issue is fixed in Safari 16.2, tvOS 16.2, iCloud for Windows 14.1, iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may bypass Same Origin Policy.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages12 packages

NVDapple/ipados16.016.2+1
CVEListV5apple/icloud_for_windowsunspecified14.1
CVEListV5apple/tvosunspecified16.2+2
NVDapple/tvos< 16.2
NVDapple/macos< 13.1

🔴Vulnerability Details

4
CVEList
CVE-2022-46692: A logic issue was addressed with improved state management2022-12-15
OSV
CVE-2022-46692: A logic issue was addressed with improved state management2022-12-15
GHSA
GHSA-gg8p-2j6g-g8mc: A logic issue was addressed with improved state management2022-12-15
VulnCheck
Safari, tvOS, iCloud for Windows, iOS, iPadOS, macOS Ventura, and watchOS Same Origin Policy Bypass Vulnerability2022

📋Vendor Advisories

10
Ubuntu
WebKitGTK vulnerabilities2023-01-09
Red Hat
webkitgtk: Same Origin Policy bypass issue2022-12-15
Apple
CVE-2022-46692: macOS Ventura 13.12022-12-13
Apple
CVE-2022-46692: iOS 15.7.2 and iPadOS 15.7.22022-12-13
Apple
CVE-2022-46692: iOS 16.2 and iPadOS 16.22022-12-13
CVE-2022-46692 (MEDIUM CVSS 5.5) | A logic issue was addressed with im | cvebase.io