Home

CVE-2022-22589

Description

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript.

Risk Information

Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.788

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities are fixed in Mac OS - Monterey 12.2 (Software Update) - AutoRebootMac
Multiple vulnerabilities are fixed in Mac OS - Monterey 12.2.1 (Software Update) - AutoRebootMac
Multiple vulnerabilities are fixed in MacOS Big Sur 11.6.6 - Software UpdateMac
Multiple Vulnerabilities are affected in Apple Safari for MAC 15.0.0Mac
SUSE-SU-2022:0690-1(SUSE Linux Enterprise Server 12-SP5 ) libjavascriptcoregtk-4_0-18-2.34.5-2.85.3.x86_64.rpmLinux
SUSE-SU-2022:0690-1(SUSE Linux Enterprise Server 12-SP5 ) libjavascriptcoregtk-4_0-18-debuginfo-2.34.5-2.85.3.x86_64.rpmLinux
SUSE-SU-2022:0690-1(SUSE Linux Enterprise Server 12-SP5 ) libwebkit2gtk-4_0-37-2.34.5-2.85.3.x86_64.rpmLinux
SUSE-SU-2022:0690-1(SUSE Linux Enterprise Server 12-SP5 ) libwebkit2gtk-4_0-37-debuginfo-2.34.5-2.85.3.x86_64.rpmLinux
SUSE-SU-2022:0690-1(SUSE Linux Enterprise Server 12-SP5 ) libwebkit2gtk3-lang-2.34.5-2.85.3.noarch.rpmLinux
SUSE-SU-2022:0690-1(SUSE Linux Enterprise Server 12-SP5 ) typelib-1_0-JavaScriptCore-4_0-2.34.5-2.85.3.x86_64.rpmLinux
SUSE-SU-2022:0690-1(SUSE Linux Enterprise Server 12-SP5 ) typelib-1_0-WebKit2-4_0-2.34.5-2.85.3.x86_64.rpmLinux
SUSE-SU-2022:0690-1(SUSE Linux Enterprise Server 12-SP5 ) typelib-1_0-WebKit2WebExtension-4_0-2.34.5-2.85.3.x86_64.rpmLinux
SUSE-SU-2022:0690-1(SUSE Linux Enterprise Server 12-SP5 ) webkit2gtk-4_0-injected-bundles-2.34.5-2.85.3.x86_64.rpmLinux
SUSE-SU-2022:0690-1(SUSE Linux Enterprise Server 12-SP5 ) webkit2gtk-4_0-injected-bundles-debuginfo-2.34.5-2.85.3.x86_64.rpmLinux
SUSE-SU-2022:0690-1(SUSE Linux Enterprise Server 12-SP5 ) webkit2gtk3-debugsource-2.34.5-2.85.3.x86_64.rpmLinux
(RHSA-2022:1777) webkit2gtk3 security, bug fix, and enhancement update webkit2gtk3-debugsource-2.34.6-1.el8.i686.rpmLinux
(RHSA-2022:1777) webkit2gtk3 security, bug fix, and enhancement update webkit2gtk3-debugsource-2.34.6-1.el8.x86_64.rpmLinux
(RHSA-2022:1777) webkit2gtk3 security, bug fix, and enhancement update webkit2gtk3-devel-2.34.6-1.el8.i686.rpmLinux
(RHSA-2022:1777) webkit2gtk3 security, bug fix, and enhancement update webkit2gtk3-devel-2.34.6-1.el8.x86_64.rpmLinux
(RHSA-2022:1777) webkit2gtk3 security, bug fix, and enhancement update webkit2gtk3-jsc-devel-2.34.6-1.el8.i686.rpmLinux
(RHSA-2022:1777) webkit2gtk3 security, bug fix, and enhancement update webkit2gtk3-jsc-devel-2.34.6-1.el8.x86_64.rpmLinux
Web content engine library for GTK+ (USN-5306-1) libwebkit2gtk-4.0-37_2.34.6-0ubuntu0.20.04.1_i386.debLinux
Web content engine library for GTK+ (USN-5306-1) libwebkit2gtk-4.0-37_2.34.6-0ubuntu0.20.04.1_amd64.debLinux
Web content engine library for GTK+ (USN-5306-1) libwebkit2gtk-4.0-37_2.34.6-0ubuntu0.21.10.1_i386.debLinux
Web content engine library for GTK+ (USN-5306-1) libwebkit2gtk-4.0-37_2.34.6-0ubuntu0.21.10.1_amd64.debLinux
Web content engine library for GTK+ (USN-5306-1) libjavascriptcoregtk-4.0-18_2.34.6-0ubuntu0.20.04.1_i386.debLinux
Web content engine library for GTK+ (USN-5306-1) libjavascriptcoregtk-4.0-18_2.34.6-0ubuntu0.20.04.1_amd64.debLinux
Web content engine library for GTK+ (USN-5306-1) libjavascriptcoregtk-4.0-18_2.34.6-0ubuntu0.21.10.1_i386.debLinux
Web content engine library for GTK+ (USN-5306-1) libjavascriptcoregtk-4.0-18_2.34.6-0ubuntu0.21.10.1_amd64.debLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-608134Mac OS - Monterey 12.7.6 (Software Update) - AutoReboot (CVE-2024-27877)
PATCH-608134Mac OS - Monterey 12.7.6 (Software Update) - AutoReboot (CVE-2024-27877)
PATCH-605753MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064)
PATCH-611604Apple Safari for MAC (MacOS Sonoma) (18.6)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234