VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ps8e-n9m2-aaar

Essentials
Severities (109)
References (31)
Severity details (20)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-ps8e-n9m2-aaar
Aliases	CVE-2022-35252
Summary	When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
Status	Published
Exploitability	0.5
Weighted Severity	3.3
Risk	1.6
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-1286	Improper Validation of Syntactic Correctness of Input
CWE-20	Improper Input Validation

System	Score	Found at
cvssv3	3.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00066	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00088	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00146	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00146	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00146	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00146	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00146	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00146	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00146	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00146	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00146	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00146	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00146	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00146	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00240	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00240	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00240	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00240	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
epss	0.00279	https://api.first.org/data/v1/epss?cve=CVE-2022-35252
rhbs	low	https://bugzilla.redhat.com/show_bug.cgi?id=2120718
cvssv3.1	Low	https://curl.se/docs/CVE-2022-35252.html
cvssv3.1	3.7	http://seclists.org/fulldisclosure/2023/Jan/20
ssvc	Track	http://seclists.org/fulldisclosure/2023/Jan/20
cvssv3.1	3.7	http://seclists.org/fulldisclosure/2023/Jan/21
ssvc	Track	http://seclists.org/fulldisclosure/2023/Jan/21
cvssv3.1	3.7	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	3.7	https://hackerone.com/reports/1613943
ssvc	Track	https://hackerone.com/reports/1613943
cvssv3.1	3.7	https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
cvssv3	3.7	https://nvd.nist.gov/vuln/detail/CVE-2022-35252
cvssv3.1	3.7	https://nvd.nist.gov/vuln/detail/CVE-2022-35252
cvssv3.1	3.7	https://security.gentoo.org/glsa/202212-01
ssvc	Track	https://security.gentoo.org/glsa/202212-01
cvssv3.1	3.7	https://security.netapp.com/advisory/ntap-20220930-0005/
ssvc	Track	https://security.netapp.com/advisory/ntap-20220930-0005/
cvssv3.1	3.7	https://support.apple.com/kb/HT213603
ssvc	Track	https://support.apple.com/kb/HT213603
cvssv3.1	3.7	https://support.apple.com/kb/HT213604
ssvc	Track	https://support.apple.com/kb/HT213604

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-35252
		https://curl.se/docs/CVE-2022-35252.html
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35252
		http://seclists.org/fulldisclosure/2023/Jan/20
		http://seclists.org/fulldisclosure/2023/Jan/21
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://hackerone.com/reports/1613943
		https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html
		https://security.gentoo.org/glsa/202212-01
		https://security.netapp.com/advisory/ntap-20220930-0005/
		https://support.apple.com/kb/HT213603
		https://support.apple.com/kb/HT213604
1018831		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018831
2120718		https://bugzilla.redhat.com/show_bug.cgi?id=2120718
cpe:2.3:a:haxx:curl::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl::::::::
cpe:2.3:a:netapp:clustered_data_ontap:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:clustered_data_ontap:-:::::::*
cpe:2.3:a:netapp:element_software:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:::::::*
cpe:2.3:a:netapp:hci_management_node:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:::::::*
cpe:2.3:a:netapp:solidfire:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:::::::*
cpe:2.3:a:splunk:universal_forwarder::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:splunk:universal_forwarder::::::::
cpe:2.3:a:splunk:universal_forwarder:9.1.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:splunk:universal_forwarder:9.1.0:::::::*
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
CVE-2022-35252		https://nvd.nist.gov/vuln/detail/CVE-2022-35252
RHSA-2022:8840		https://access.redhat.com/errata/RHSA-2022:8840
RHSA-2022:8841		https://access.redhat.com/errata/RHSA-2022:8841
RHSA-2023:2478		https://access.redhat.com/errata/RHSA-2023:2478
RHSA-2023:2963		https://access.redhat.com/errata/RHSA-2023:2963
RHSA-2024:0428		https://access.redhat.com/errata/RHSA-2024:0428
USN-5587-1		https://usn.ubuntu.com/5587-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://seclists.org/fulldisclosure/2023/Jan/20

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at http://seclists.org/fulldisclosure/2023/Jan/20

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at http://seclists.org/fulldisclosure/2023/Jan/21

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at http://seclists.org/fulldisclosure/2023/Jan/21

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://hackerone.com/reports/1613943

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://hackerone.com/reports/1613943

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2022-35252

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2022-35252

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.gentoo.org/glsa/202212-01

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://security.gentoo.org/glsa/202212-01

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://security.netapp.com/advisory/ntap-20220930-0005/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://security.netapp.com/advisory/ntap-20220930-0005/

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://support.apple.com/kb/HT213603

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://support.apple.com/kb/HT213603

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://support.apple.com/kb/HT213604

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:30:42Z/ Found at https://support.apple.com/kb/HT213604

Exploit Prediction Scoring System (EPSS)

Percentile	0.17437
EPSS Score	0.00066
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.