Search for vulnerabilities
Vulnerability details: VCID-jfps-kdb2-aaak
Vulnerability ID VCID-jfps-kdb2-aaak
Aliases CVE-2022-22594
Summary A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-346 Origin Validation Error
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2022:1777
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22594.json
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00082 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.001 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00179 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00181 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
epss 0.00185 https://api.first.org/data/v1/epss?cve=CVE-2022-22594
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2045291
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-22594
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22594
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22594
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22594.json
https://api.first.org/data/v1/epss?cve=CVE-2022-22594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22594
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22637
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://support.apple.com/en-us/HT213053
https://support.apple.com/en-us/HT213054
https://support.apple.com/en-us/HT213057
https://support.apple.com/en-us/HT213058
https://support.apple.com/en-us/HT213059
2045291 https://bugzilla.redhat.com/show_bug.cgi?id=2045291
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2022-22594 https://nvd.nist.gov/vuln/detail/CVE-2022-22594
RHSA-2022:1777 https://access.redhat.com/errata/RHSA-2022:1777
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22594.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-22594
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-22594
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-22594
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.21301
EPSS Score 0.00082
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.