VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-g5k8-g5gy-mbbk

Essentials
Severities (106)
References (23)
Severity details (20)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-g5k8-g5gy-mbbk
Aliases	CVE-2024-44187
Summary	A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in Safari 18, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, tvOS 18. A malicious website may exfiltrate data cross-origin.
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-346

Origin Validation Error

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44187.json
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00048	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00055	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00061	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00062	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00067	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00068	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00070	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00070	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00070	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00070	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00070	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00070	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00070	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00070	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00070	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00070	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00070	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00070	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00070	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00070	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00070	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00086	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
epss	0.00095	https://api.first.org/data/v1/epss?cve=CVE-2024-44187
cvssv3.1	6.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2024-44187
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2024-44187
cvssv3.1	6.5	https://support.apple.com/en-us/121238
cvssv3.1	6.5	https://support.apple.com/en-us/121238
ssvc	Track	https://support.apple.com/en-us/121238
ssvc	Track	https://support.apple.com/en-us/121238
cvssv3.1	6.5	https://support.apple.com/en-us/121240
ssvc	Track	https://support.apple.com/en-us/121240
cvssv3.1	6.5	https://support.apple.com/en-us/121241
ssvc	Track	https://support.apple.com/en-us/121241
cvssv3.1	6.5	https://support.apple.com/en-us/121248
cvssv3.1	6.5	https://support.apple.com/en-us/121248
ssvc	Track	https://support.apple.com/en-us/121248
ssvc	Track	https://support.apple.com/en-us/121248
cvssv3.1	6.5	https://support.apple.com/en-us/121249
ssvc	Track	https://support.apple.com/en-us/121249
cvssv3.1	6.5	https://support.apple.com/en-us/121250
ssvc	Track	https://support.apple.com/en-us/121250

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44187.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-44187
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44187
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://support.apple.com/en-us/121238
		https://support.apple.com/en-us/121240
		https://support.apple.com/en-us/121241
		https://support.apple.com/en-us/121248
		https://support.apple.com/en-us/121249
		https://support.apple.com/en-us/121250
2314706		https://bugzilla.redhat.com/show_bug.cgi?id=2314706
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:tvos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
cpe:2.3:o:apple:visionos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:visionos::::::::
cpe:2.3:o:apple:watchos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
CVE-2024-44187		https://nvd.nist.gov/vuln/detail/CVE-2024-44187
RHSA-2024:8180		https://access.redhat.com/errata/RHSA-2024:8180
RHSA-2024:9553		https://access.redhat.com/errata/RHSA-2024:9553
RHSA-2024:9636		https://access.redhat.com/errata/RHSA-2024:9636
USN-7079-1		https://usn.ubuntu.com/7079-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-44187.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-44187

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-44187

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/121238

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/121238

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:44:18Z/ Found at https://support.apple.com/en-us/121238

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/121240

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:44:18Z/ Found at https://support.apple.com/en-us/121240

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/121241

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:44:18Z/ Found at https://support.apple.com/en-us/121241

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/121248

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/121248

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:44:18Z/ Found at https://support.apple.com/en-us/121248

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/121249

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:44:18Z/ Found at https://support.apple.com/en-us/121249

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://support.apple.com/en-us/121250

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T13:44:18Z/ Found at https://support.apple.com/en-us/121250

Exploit Prediction Scoring System (EPSS)

Percentile	0.11719
EPSS Score	0.00048
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2024-09-17T19:11:12.830372+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2024-44187	34.0.1