CVE Vulnerabilities

CVE-2011-3257

Published: Oct 14, 2011 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different accounts cookie.

Affected Software

Name Vendor Start Version End Version
Iphone_os Apple 3.0 (including) 3.0 (including)
Iphone_os Apple 3.1 (including) 3.1 (including)
Iphone_os Apple 3.1.2 (including) 3.1.2 (including)
Iphone_os Apple 3.1.3 (including) 3.1.3 (including)
Iphone_os Apple 3.2 (including) 3.2 (including)
Iphone_os Apple 3.2.1 (including) 3.2.1 (including)
Iphone_os Apple 3.2.2 (including) 3.2.2 (including)
Iphone_os Apple 4.0 (including) 4.0 (including)
Iphone_os Apple 4.0.1 (including) 4.0.1 (including)
Iphone_os Apple 4.0.2 (including) 4.0.2 (including)
Iphone_os Apple 4.1 (including) 4.1 (including)
Iphone_os Apple 4.2.1 (including) 4.2.1 (including)
Iphone_os Apple 4.2.5 (including) 4.2.5 (including)
Iphone_os Apple 4.2.8 (including) 4.2.8 (including)
Iphone_os Apple 4.3.0 (including) 4.3.0 (including)
Iphone_os Apple 4.3.1 (including) 4.3.1 (including)
Iphone_os Apple 4.3.2 (including) 4.3.2 (including)
Iphone_os Apple 4.3.3 (including) 4.3.3 (including)
Iphone_os Apple 4.3.5 (including) 4.3.5 (including)

References