CVE-2018-4397

CVE Database · CVE-2018-4397

CVE-2018-4397

· N/AModified

CVSS v3.1

N/A

EPSS

0.83%

Published

Apr 3, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS.

Weaknesses (CWE)

CWE-20

Affected Products (2)

apple · apple_support (up to 2.4)vulnerable

apple · iphone_os

References (2)

https://support.apple.com/kb/HT209117

Vendor Advisory

https://support.apple.com/kb/HT209117

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs