Vulnerability Details CVE-2018-4397
Analytics data was sent using HTTP rather than HTTPS. This was addressed by sending analytics data using HTTPS. This issue affected versions prior to Apple Support 2.4 for iOS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 45.5%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
Products affected by CVE-2018-4397
-
cpe:2.3:a:apple:apple_support:1.0
-
cpe:2.3:a:apple:apple_support:1.0.1
-
cpe:2.3:a:apple:apple_support:1.0.2
-
cpe:2.3:a:apple:apple_support:1.0.3
-
cpe:2.3:a:apple:apple_support:1.1
-
cpe:2.3:a:apple:apple_support:1.1.1
-
cpe:2.3:a:apple:apple_support:1.2
-
cpe:2.3:a:apple:apple_support:1.2.1
-
cpe:2.3:a:apple:apple_support:2.0
-
cpe:2.3:a:apple:apple_support:2.0.1
-
cpe:2.3:a:apple:apple_support:2.1
-
cpe:2.3:a:apple:apple_support:2.2
-
cpe:2.3:a:apple:apple_support:2.3
-
cpe:2.3:a:apple:apple_support:2.3.1
-
cpe:2.3:a:apple:apple_support:2.3.2
-
cpe:2.3:o:apple:iphone_os:-