CVE-2018-4137

MEDIUM

Description

An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows remote attackers to read autofilled data by leveraging lack of a user-confirmation requirement.

References

http://www.securitytracker.com/id/1040604

https://support.apple.com/HT208693

https://support.apple.com/HT208695

Details

Source: MITRE

Published: 2018-04-03

Updated: 2018-05-04

Type: CWE-200

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (4 total)

ID	Name	Product	Family	Severity
700548	Apple iOS < 11.3 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
700503	Apple Safari < 11.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
108812	Apple iOS < 11.3 Multiple Vulnerabilities	Nessus	Mobile Devices	high
108805	macOS : Apple Safari < 11.1 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium