CVE-2021-30689

CVE Details

Release Date:	2021-09-08
Impact:	None	What is this?

Description

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.

See more information about CVE-2021-30689 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	6.1
Vector String:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Version:	3.0
Attack Vector:	Network
Attack Complexity:	Low
Privileges Required:	None
User Interaction:	Required
Scope:	Changed
Confidentiality Impact:	Low
Integrity Impact:	Low
Availability Impact:	None

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (LibRaw)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (accountsservice)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gdm)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-autoar)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-calculator)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-control-center)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-online-accounts)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-session)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-settings-daemon)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-shell)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-shell-extensions)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gnome-software)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gsettings-desktop-schemas)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (gtk3)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (mutter)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (vino)	ELSA-2021-4381	2021-11-16
Oracle Linux version 8 (webkit2gtk3)	ELSA-2021-4381	2021-11-16