Search for vulnerabilities
Vulnerability details: VCID-zmsn-98ys-aaak
Vulnerability ID VCID-zmsn-98ys-aaak
Aliases CVE-2021-30888
Summary An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior .
Status Published
Exploitability 0.5
Weighted Severity 6.7
Risk 3.4
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2022:1777
cvssv3 7.4 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30888.json
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.0017 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00219 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.0023 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00258 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.0027 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00406 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
epss 0.00892 https://api.first.org/data/v1/epss?cve=CVE-2021-30888
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=2034383
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30846
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30851
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42762
cvssv3.1 7.4 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-30888
cvssv3 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-30888
cvssv3.1 7.4 https://nvd.nist.gov/vuln/detail/CVE-2021-30888
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30888.json
https://api.first.org/data/v1/epss?cve=CVE-2021-30888
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30888
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45481
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45483
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://support.apple.com/en-us/HT212867
https://support.apple.com/en-us/HT212868
https://support.apple.com/en-us/HT212869
https://support.apple.com/en-us/HT212874
https://support.apple.com/en-us/HT212876
http://www.openwall.com/lists/oss-security/2021/12/20/6
2034383 https://bugzilla.redhat.com/show_bug.cgi?id=2034383
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipad_os:15.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:15.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:15.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
CVE-2021-30888 https://nvd.nist.gov/vuln/detail/CVE-2021-30888
GLSA-202202-01 https://security.gentoo.org/glsa/202202-01
RHSA-2022:1777 https://access.redhat.com/errata/RHSA-2022:1777
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30888.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-30888
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-30888
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-30888
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.39195
EPSS Score 0.0017
Published At May 10, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.