Vulnerability Details CVE-2020-27895
An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious application may be able to access local users Apple IDs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.0%
CVSS Severity
CVSS v3 Score 3.3
CVSS v2 Score 4.3
Products affected by CVE-2020-27895
-
cpe:2.3:a:apple:itunes:-
-
cpe:2.3:a:apple:itunes:12.0.0
-
cpe:2.3:a:apple:itunes:12.0.4
-
cpe:2.3:a:apple:itunes:12.1.3
-
cpe:2.3:a:apple:itunes:12.10.1
-
cpe:2.3:a:apple:itunes:12.10.2
-
cpe:2.3:a:apple:itunes:12.10.3
-
cpe:2.3:a:apple:itunes:12.10.4
-
cpe:2.3:a:apple:itunes:12.10.5
-
cpe:2.3:a:apple:itunes:12.10.7
-
cpe:2.3:a:apple:itunes:12.10.8
-
cpe:2.3:a:apple:itunes:12.10.9
-
cpe:2.3:a:apple:itunes:12.4.1
-
cpe:2.3:a:apple:itunes:12.4.3
-
cpe:2.3:a:apple:itunes:12.5.5
-
cpe:2.3:a:apple:itunes:12.5.5.5
-
cpe:2.3:a:apple:itunes:12.8
-
cpe:2.3:a:apple:itunes:12.9
-
cpe:2.3:a:apple:itunes:12.9.0
-
cpe:2.3:a:apple:itunes:12.9.1
-
cpe:2.3:a:apple:itunes:12.9.2
-
cpe:2.3:a:apple:itunes:12.9.3
-
cpe:2.3:a:apple:itunes:12.9.4
-
cpe:2.3:a:apple:itunes:12.9.5
-
cpe:2.3:a:apple:itunes:12.9.6