VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-kazx-z7ps-aaae

Essentials
Severities (95)
References (34)
Severity details (31)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-kazx-z7ps-aaae
Aliases	CVE-2020-9802
Summary	A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to arbitrary code execution.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-841

Improper Enforcement of Behavioral Workflow

System	Score	Found at
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9802.html
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:4451
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9802.json
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.41488	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.5136	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.58977	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.58977	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.58977	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.58977	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.59268	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.59268	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.59268	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.59268	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.59268	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.59268	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.59268	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.59268	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.59268	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.59268	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
epss	0.59268	https://api.first.org/data/v1/epss?cve=CVE-2020-9802
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=1879545
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13753
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9802
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9803
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9805
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9806
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9807
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9843
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9850
cvssv3.1	8.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2	6.8	https://nvd.nist.gov/vuln/detail/CVE-2020-9802
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2020-9802
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2020-9802
archlinux	Critical	https://security.archlinux.org/AVG-1203
cvssv3.1	8.8	https://support.apple.com/HT211168
ssvc	Track	https://support.apple.com/HT211168
cvssv3.1	8.8	https://support.apple.com/HT211171
ssvc	Track	https://support.apple.com/HT211171
cvssv3.1	8.8	https://support.apple.com/HT211175
ssvc	Track	https://support.apple.com/HT211175
cvssv3.1	8.8	https://support.apple.com/HT211177
ssvc	Track	https://support.apple.com/HT211177
cvssv3.1	8.8	https://support.apple.com/HT211178
ssvc	Track	https://support.apple.com/HT211178
cvssv3.1	8.8	https://support.apple.com/HT211179
ssvc	Track	https://support.apple.com/HT211179
cvssv3.1	8.8	https://support.apple.com/HT211181
ssvc	Track	https://support.apple.com/HT211181
generic_textual	Medium	https://ubuntu.com/security/notices/USN-4422-1
generic_textual	Medium	https://usn.ubuntu.com/usn/usn-4422-1

Reference id	Reference type	URL
		http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-9802.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9802.json
		https://api.first.org/data/v1/epss?cve=CVE-2020-9802
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13753
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9802
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9803
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9805
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9806
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9807
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9843
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9850
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://support.apple.com/HT211168
		https://support.apple.com/HT211171
		https://support.apple.com/HT211175
		https://support.apple.com/HT211177
		https://support.apple.com/HT211178
		https://support.apple.com/HT211179
		https://support.apple.com/HT211181
		https://ubuntu.com/security/notices/USN-4422-1
		https://usn.ubuntu.com/usn/usn-4422-1
1879545		https://bugzilla.redhat.com/show_bug.cgi?id=1879545
ASA-202007-1		https://security.archlinux.org/ASA-202007-1
AVG-1203		https://security.archlinux.org/AVG-1203
cpe:2.3:a:apple:icloud::::::windows::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:icloud::::::windows::*
cpe:2.3:a:apple:itunes::::::windows::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:itunes::::::windows::*
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:o:apple:ipad_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipad_os::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:tvos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
cpe:2.3:o:apple:watchos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
CVE-2020-9802		https://nvd.nist.gov/vuln/detail/CVE-2020-9802
RHSA-2020:4451		https://access.redhat.com/errata/RHSA-2020:4451

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9802.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-9802

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-9802

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-9802

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/HT211168

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:41Z/ Found at https://support.apple.com/HT211168

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/HT211171

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:41Z/ Found at https://support.apple.com/HT211171

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/HT211175

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:41Z/ Found at https://support.apple.com/HT211175

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/HT211177

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:41Z/ Found at https://support.apple.com/HT211177

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/HT211178

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:41Z/ Found at https://support.apple.com/HT211178

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/HT211179

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:41Z/ Found at https://support.apple.com/HT211179

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://support.apple.com/HT211181

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:41Z/ Found at https://support.apple.com/HT211181

Exploit Prediction Scoring System (EPSS)

Percentile	0.9713
EPSS Score	0.41488
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.