The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity.
A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to leak sensitive user information.
Base Score: 4
Impact Score: 2.9
Exploitability Score: 8
Base Score: 6.5
Impact Score: 3.6
Exploitability Score: 2.8
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions from 10.14.0 to 10.14.5 (inclusive)
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* versions from 10.15 to 10.15.6 (inclusive)
| 149986 | macOS 11.x < 11.4 (HT212529) | Nessus | MacOS X Local Security Checks |
| 149985 | macOS 10.14.x < 10.14.6 Security Update 2021-004 Mojave (HT212531) | Nessus | MacOS X Local Security Checks |
| 149984 | macOS 10.15.x < 10.15.7 Security Update 2021-002 Catalina (HT212530) | Nessus | MacOS X Local Security Checks |