Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2018-4190

Date: June 8, 2018

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive credential information that is transmitted during a CSS mask-image fetch.

Severity Score

Related Resources (10)

https://support.apple.com/HT208850
https://security.gentoo.org/glsa/201808-04
https://usn.ubuntu.com/3687-1/
https://support.apple.com/HT208852
https://nvd.nist.gov/vuln/detail/CVE-2018-4190
https://support.apple.com/HT208848
https://support.apple.com/HT208853
http://www.securitytracker.com/id/1041029
https://support.apple.com/HT208854
https://www.mend.io/vulnerability-database/CVE-2018-4190

Severity Score

Weakness Type (CWE)

Insufficiently Protected Credentials

CWE-522

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us