CVE Vulnerabilities

CVE-2020-9916

Published: Oct 16, 2020 | Modified: Jan 09, 2023
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

A URL Unicode encoding issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A malicious attacker may be able to conceal the destination of a URL.

Affected Software

Name Vendor Start Version End Version
Icloud Apple * 7.20 (excluding)
Icloud Apple 11.0 (including) 11.3 (excluding)
Itunes Apple * 12.10.8 (excluding)
Safari Apple * 13.1.2 (excluding)
Ipados Apple * 13.6 (excluding)
Iphone_os Apple * 13.6 (excluding)
Tvos Apple * 13.4.8 (excluding)
Watchos Apple * 6.2.8 (excluding)

References