Vulnerability Name:

CVE-2021-1801 (CCN-195886)

Assigned:2020-12-08
Published:2021-02-01
Updated:2021-06-02
Summary:This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
6.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
5.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): None
Vulnerability Type:CWE-noinfo
CWE-863
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2021-1801

Source: XF
Type: UNKNOWN
apple-macos-cve20211801-sec-bypass(195886)

Source: FEDORA
Type: Third Party Advisory
FEDORA-2021-619711d709

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-864dc37032

Source: GENTOO
Type: Third Party Advisory
GLSA-202104-03

Source: MISC
Type: Vendor Advisory
https://support.apple.com/en-us/HT212146

Source: CCN
Type: Apple security document HT212147
About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave

Source: MISC
Type: Vendor Advisory
https://support.apple.com/en-us/HT212147

Source: MISC
Type: Vendor Advisory
https://support.apple.com/en-us/HT212148

Source: MISC
Type: Vendor Advisory
https://support.apple.com/en-us/HT212149

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Vulnerable Configuration:Configuration 1:
  • cpe:/o:apple:ipados:*:*:*:*:*:*:*:* (Version < 14.4)
  • OR cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version < 14.4)
  • OR cpe:/o:apple:macos:*:*:*:*:*:*:*:* (Version >= 11.0.1 and < 11.2)
  • OR cpe:/o:apple:tvos:*:*:*:*:*:*:*:* (Version < 14.4)
  • OR cpe:/o:apple:watchos:*:*:*:*:*:*:*:* (Version < 7.3)

    • Configuration 2:
  • cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:* (Version < 2.30.6)

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:apple:macos_big_sur:11.0.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8033
    P
    		libjavascriptcoregtk-5_0-0-2.38.6-150400.4.39.1 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:7603
    P
    		libjavascriptcoregtk-4_0-18-2.38.6-150400.4.39.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7941
    P
    		libjavascriptcoregtk-4_1-0-2.38.6-150400.4.39.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:3018
    P
    		augeas-1.10.1-2.6 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3394
    P
    		vorbis-tools-1.4.0-26.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3320
    P
    		pam_yubico-2.26-1.25 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3401
    P
    		xen-4.12.1_06-1.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94506
    P
    		bind-devel-9.16.6-150300.22.16.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94950
    P
    		libjavascriptcoregtk-4_1-0-2.36.0-150400.2.13 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94767
    P
    		pam_krb5-2.4.13-1.36 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95031
    P
    		libjavascriptcoregtk-5_0-0-2.36.0-150400.2.12 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95216
    P
    		libvncclient1-0.9.13-150400.1.9 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94648
    P
    		libjavascriptcoregtk-4_0-18-2.36.0-150400.2.13 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:144
    P
    		libjavascriptcoregtk-4_0-18-2.32.0-3.15.1 on GA media (Moderate)
    2022-06-13
    oval:org.opensuse.security:def:1073
    P
    		Security update for tiff (Important)
    2022-05-30
    oval:org.opensuse.security:def:1744
    P
    		Security update for the Linux Kernel (Important)
    2021-11-16
    oval:org.opensuse.security:def:101929
    P
    		Security update for the Linux Kernel (Important)
    2021-11-11
    oval:com.redhat.rhsa:def:20214381
    P
    		RHSA-2021:4381: GNOME security, bug fix, and enhancement update (Moderate)
    2021-11-09
    oval:org.opensuse.security:def:62162
    P
    		libjavascriptcoregtk-4_0-18-2.32.0-3.15.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:100920
    P
    		libjavascriptcoregtk-4_0-18-2.32.0-3.15.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:71903
    P
    		libjavascriptcoregtk-4_0-18-2.32.0-3.15.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101219
    P
    		libsrt1-1.3.4-1.45 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62833
    P
    		typelib-1_0-JavaScriptCore-4_0-2.32.0-3.15.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101239
    P
    		typelib-1_0-JavaScriptCore-4_0-2.32.0-3.15.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:72552
    P
    		typelib-1_0-JavaScriptCore-4_0-2.32.0-3.15.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101480
    P
    		Security update for webkit2gtk3 (Important)
    2021-08-03
    oval:org.opensuse.security:def:99651
    P
    		 (Critical)
    2021-06-21
    oval:org.opensuse.security:def:31642
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:58772
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:86585
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:23601
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:51913
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:82592
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:33932
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:89152
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:30093
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:57025
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:84622
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:127125
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:32121
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:59497
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:87413
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:23925
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:55208
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:83300
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:34468
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:89410
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:30213
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:57465
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:85666
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:32949
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:59755
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:88144
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:26076
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:55916
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:83420
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:125558
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:31202
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:57944
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:86106
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:51589
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:5063
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:33674
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:60291
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:88457
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:29385
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:56036
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:84164
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:126728
    P
    		Security update for webkit2gtk3 (Important)
    2021-06-17
    oval:org.opensuse.security:def:99959
    P
    		 (Important)
    2021-06-11
    oval:org.opensuse.security:def:99058
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:10253
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:92701
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:8574
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:69842
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:9503
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:92108
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:99253
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:96928
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:92900
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:8752
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:70213
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:9702
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:92303
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:69459
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:99452
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:93053
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:8947
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:70393
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:98863
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:10073
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:92502
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:69643
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:93206
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:9319
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:91913
    P
    		Security update for webkit2gtk3 (Important)
    2021-05-04
    oval:org.opensuse.security:def:111354
    P
    		Security update for webkit2gtk3 (Important)
    2021-04-30
    oval:org.opensuse.security:def:65211
    P
    		Security update for webkit2gtk3 (Important)
    2021-04-29
    oval:org.opensuse.security:def:117400
    P
    		Security update for webkit2gtk3 (Important)
    2021-04-29
    oval:org.opensuse.security:def:96910
    P
    		Security update for webkit2gtk3 (Important)
    2021-04-29
    oval:org.opensuse.security:def:107885
    P
    		Security update for webkit2gtk3 (Important)
    2021-04-29
    oval:org.opensuse.security:def:74279
    P
    		Security update for webkit2gtk3 (Important)
    2021-04-29
    oval:org.opensuse.security:def:66757
    P
    		Security update for webkit2gtk3 (Important)
    2021-04-29
    oval:org.opensuse.security:def:117660
    P
    		Security update for webkit2gtk3 (Important)
    2021-04-29
    oval:org.opensuse.security:def:108146
    P
    		Security update for webkit2gtk3 (Important)
    2021-04-29
    oval:org.opensuse.security:def:75825
    P
    		Security update for webkit2gtk3 (Important)
    2021-04-29
    oval:org.opensuse.security:def:4122
    P
    		Security update for webkit2gtk3 (Important)
    2021-04-29
    oval:org.opensuse.security:def:64483
    P
    		Security update for webkit2gtk3 (Important)
    2021-04-29
    oval:org.opensuse.security:def:108595
    P
    		Security update for webkit2gtk3 (Important)
    2021-04-29
    oval:org.opensuse.security:def:5668
    P
    		Security update for webkit2gtk3 (Important)
    2021-04-29
    oval:org.opensuse.security:def:73605
    P
    		Security update for webkit2gtk3 (Important)
    2021-04-29
    BACK
    apple ipad os *
    apple iphone os *
    apple macos *
    apple tvos *
    apple watchos *
    fedoraproject fedora 32
    fedoraproject fedora 33
    webkitgtk webkitgtk *
    apple macos big sur 11.0.0
    ibm cloud pak for security 1.7.2.0