CVE-2018-4117
Description
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the WebKit component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.953
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Google Chrome (68.0.3440.75) | Windows |
| Google Chrome (x64) (68.0.3440.75) | Windows |
| Upgrade Foxit Reader Enterprise 9.3.0.10826 to latest version | Windows |
| Upgrade foxit_reader 9.3.0.10826 to latest version | Windows |
| Multiple Vulnerabilities are affected in Apple iTunes (X64) 12.7.3 | Windows |
| Multiple Vulnerabilities are affected in Apple iTunes 12.7.3 | Windows |
| Multiple Vulnerabilities are affected in Apple Safari 11.0.3 | Mac |
| Multiple Vulnerabilities are affected in Apple Safari for MAC 11.0.3 | Mac |
| Multiple Vulnerabilities are affected in Apple iTunes For Mac 12.7.3 | Mac |
| Web content engine library for GTK+ (USN-3635-1) libwebkit2gtk-4.0-37_2.20.1-0ubuntu0.17.10.1_amd64.deb | Linux |
| Web content engine library for GTK+ (USN-3635-1) libjavascriptcoregtk-4.0-18_2.20.1-0ubuntu0.17.10.1_amd64.deb | Linux |
| chromium-browser security update(DSA-4256-1) chromium_68.0.3440.75-1~deb9u1_i386.deb | Linux |
| chromium-browser security update(DSA-4256-1) chromium_68.0.3440.75-1~deb9u1_amd64.deb | Linux |
| Google Chrome (68.0.3440.75) (For Debian) | Linux |
| Google Chrome (68.0.3440.75) (For Centos) | Linux |
| Google Chrome (68.0.3440.75) (For RedHat) | Linux |
| Google Chrome (68.0.3440.75) (For Suse) | Linux |
| Google Chrome (68.0.3440.75) (For Ubuntu) | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-307865 | Google Chrome (68.0.3440.75) |
| PATCH-307866 | Google Chrome (x64) (68.0.3440.75) |
| PATCH-341798 | Foxit PDF Reader (MSI) (2024.3.0.26795) (Formerly Foxit Reader Enterprise) |
| PATCH-341796 | Foxit Reader (2024.3.0.26795) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
| PATCH-611604 | Apple Safari for MAC (MacOS Sonoma) (18.6) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234