VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-pzcq-2xr9-n7ec

Essentials
Severities (38)
References (24)
Severity details (19)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-pzcq-2xr9-n7ec
Aliases	CVE-2024-27838
Summary	The issue was addressed by adding additional logic. This issue is fixed in tvOS 17.5, iOS 16.7.8 and iPadOS 16.7.8, visionOS 1.2, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A maliciously crafted webpage may be able to fingerprint the user.
Status	Published
Exploitability	0.5
Weighted Severity	5.9
Risk	3.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27838.json
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2024-27838
cvssv3.1	6.5	http://seclists.org/fulldisclosure/2024/Jun/5
ssvc	Track	http://seclists.org/fulldisclosure/2024/Jun/5
cvssv3.1	6.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2024-27838
cvssv3.1	6.5	https://support.apple.com/en-us/HT214100
ssvc	Track	https://support.apple.com/en-us/HT214100
cvssv3.1	6.5	https://support.apple.com/en-us/HT214101
ssvc	Track	https://support.apple.com/en-us/HT214101
cvssv3.1	6.5	https://support.apple.com/en-us/HT214102
ssvc	Track	https://support.apple.com/en-us/HT214102
cvssv3.1	6.5	https://support.apple.com/en-us/HT214103
ssvc	Track	https://support.apple.com/en-us/HT214103
cvssv3.1	6.5	https://support.apple.com/en-us/HT214104
ssvc	Track	https://support.apple.com/en-us/HT214104
cvssv3.1	6.5	https://support.apple.com/en-us/HT214106
ssvc	Track	https://support.apple.com/en-us/HT214106
cvssv3.1	6.5	https://support.apple.com/en-us/HT214108
ssvc	Track	https://support.apple.com/en-us/HT214108

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27838.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-27838
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27838
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2314702		https://bugzilla.redhat.com/show_bug.cgi?id=2314702
5		http://seclists.org/fulldisclosure/2024/Jun/5
cpe:2.3:a:apple:safari::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari::::::::
cpe:2.3:o:apple:ipados::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados::::::::
cpe:2.3:o:apple:iphone_os::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:o:apple:macos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos::::::::
cpe:2.3:o:apple:tvos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos::::::::
cpe:2.3:o:apple:visionos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:visionos::::::::
cpe:2.3:o:apple:watchos::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos::::::::
CVE-2024-27838		https://nvd.nist.gov/vuln/detail/CVE-2024-27838
HT214100		https://support.apple.com/en-us/HT214100
HT214101		https://support.apple.com/en-us/HT214101
HT214102		https://support.apple.com/en-us/HT214102
HT214103		https://support.apple.com/en-us/HT214103
HT214104		https://support.apple.com/en-us/HT214104
HT214106		https://support.apple.com/en-us/HT214106
HT214108		https://support.apple.com/en-us/HT214108
RHSA-2024:8180		https://access.redhat.com/errata/RHSA-2024:8180
RHSA-2024:9636		https://access.redhat.com/errata/RHSA-2024:9636
RHSA-2025:10364		https://access.redhat.com/errata/RHSA-2025:10364

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27838.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://seclists.org/fulldisclosure/2024/Jun/5

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T14:48:32Z/ Found at http://seclists.org/fulldisclosure/2024/Jun/5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-27838

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://support.apple.com/en-us/HT214100

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T14:48:32Z/ Found at https://support.apple.com/en-us/HT214100

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://support.apple.com/en-us/HT214101

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T14:48:32Z/ Found at https://support.apple.com/en-us/HT214101

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://support.apple.com/en-us/HT214102

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T14:48:32Z/ Found at https://support.apple.com/en-us/HT214102

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://support.apple.com/en-us/HT214103

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T14:48:32Z/ Found at https://support.apple.com/en-us/HT214103

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://support.apple.com/en-us/HT214104

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T14:48:32Z/ Found at https://support.apple.com/en-us/HT214104

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://support.apple.com/en-us/HT214106

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T14:48:32Z/ Found at https://support.apple.com/en-us/HT214106

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://support.apple.com/en-us/HT214108

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T14:48:32Z/ Found at https://support.apple.com/en-us/HT214108

Exploit Prediction Scoring System (EPSS)

Percentile	0.40873
EPSS Score	0.00187
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:09:50.597689+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2024/27xxx/CVE-2024-27838.json	37.0.0