Vulnerability details: VCID-3cxy-whf4-87e9
Vulnerability ID VCID-3cxy-whf4-87e9
Aliases CVE-2024-44309
Summary A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems.
Status Published
Exploitability 2.0
Weighted Severity 5.5
Risk 10.0
System Score Found at
cvssv3 6.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44309.json
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2024-44309
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2024-44309
epss 0.00183 https://api.first.org/data/v1/epss?cve=CVE-2024-44309
epss 0.00237 https://api.first.org/data/v1/epss?cve=CVE-2024-44309
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2024-44309
epss 0.00289 https://api.first.org/data/v1/epss?cve=CVE-2024-44309
epss 0.00441 https://api.first.org/data/v1/epss?cve=CVE-2024-44309
epss 0.00672 https://api.first.org/data/v1/epss?cve=CVE-2024-44309
epss 0.00954 https://api.first.org/data/v1/epss?cve=CVE-2024-44309
cvssv3.1 6.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 6.1 https://nvd.nist.gov/vuln/detail/CVE-2024-44309
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2024-44309
cvssv3.1 6.3 https://support.apple.com/en-us/121752
ssvc Track https://support.apple.com/en-us/121752
cvssv3.1 6.3 https://support.apple.com/en-us/121753
ssvc Track https://support.apple.com/en-us/121753
cvssv3.1 6.3 https://support.apple.com/en-us/121754
ssvc Track https://support.apple.com/en-us/121754
cvssv3.1 6.3 https://support.apple.com/en-us/121755
ssvc Track https://support.apple.com/en-us/121755
cvssv3.1 6.3 https://support.apple.com/en-us/121756
ssvc Track https://support.apple.com/en-us/121756
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44309.json
https://api.first.org/data/v1/epss?cve=CVE-2024-44309
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44309
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
121752 https://support.apple.com/en-us/121752
121753 https://support.apple.com/en-us/121753
121754 https://support.apple.com/en-us/121754
121755 https://support.apple.com/en-us/121755
121756 https://support.apple.com/en-us/121756
2327927 https://bugzilla.redhat.com/show_bug.cgi?id=2327927
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
CVE-2024-44309 https://nvd.nist.gov/vuln/detail/CVE-2024-44309
RHSA-2024:10472 https://access.redhat.com/errata/RHSA-2024:10472
RHSA-2024:10480 https://access.redhat.com/errata/RHSA-2024:10480
RHSA-2024:10481 https://access.redhat.com/errata/RHSA-2024:10481
RHSA-2024:10482 https://access.redhat.com/errata/RHSA-2024:10482
RHSA-2024:10483 https://access.redhat.com/errata/RHSA-2024:10483
RHSA-2024:10489 https://access.redhat.com/errata/RHSA-2024:10489
RHSA-2024:10492 https://access.redhat.com/errata/RHSA-2024:10492
RHSA-2024:10496 https://access.redhat.com/errata/RHSA-2024:10496
RHSA-2024:10501 https://access.redhat.com/errata/RHSA-2024:10501
USN-7142-1 https://usn.ubuntu.com/7142-1/
Data source KEV
Date added Nov. 21, 2024
Description Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.
Required action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due date Dec. 12, 2024
Note
https://support.apple.com/en-us/121752, https://support.apple.com/en-us/121753, https://support.apple.com/en-us/121754, https://support.apple.com/en-us/121755, https://support.apple.com/en-us/121756 ; https://nvd.nist.gov/vuln/detail/CVE-2024-44309
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44309.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-44309
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://support.apple.com/en-us/121752
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T15:36:28Z/ Found at https://support.apple.com/en-us/121752
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://support.apple.com/en-us/121753
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T15:36:28Z/ Found at https://support.apple.com/en-us/121753
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://support.apple.com/en-us/121754
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T15:36:28Z/ Found at https://support.apple.com/en-us/121754
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://support.apple.com/en-us/121755
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T15:36:28Z/ Found at https://support.apple.com/en-us/121755
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Found at https://support.apple.com/en-us/121756
Vector: SSVCv2/E:A/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-21T15:36:28Z/ Found at https://support.apple.com/en-us/121756
Exploit Prediction Scoring System (EPSS)
Percentile 0.17041
EPSS Score 0.00045
Published At Nov. 20, 2024, midnight
Date Actor Action Source VulnerableCode Version
2024-11-21T12:21:45.238787+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 35.0.0