CVE-2013-5193 — MEDIUM (4.7)

Q: How severe is CVE-2013-5193?

CVE-2013-5193 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-5193?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os.

Vulnerability Description

The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App purchase by leveraging previous entry of Apple ID credentials.

CVSS Score

4.7

MEDIUM

AV:L/AC:M/Au:N/C:N/I:C/A:N

Confidentiality

NONE

Integrity

COMPLETE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Iphone Os	<= 7.0.3

Related Weaknesses (CWE)

CWE-255

References

http://lists.apple.com/archives/security-announce/2013/Nov/msg00000.htmlVendor Advisory
http://support.apple.com/kb/HT6058Vendor Advisory
http://lists.apple.com/archives/security-announce/2013/Nov/msg00000.htmlVendor Advisory
http://support.apple.com/kb/HT6058Vendor Advisory

FAQ

What is CVE-2013-5193?

CVE-2013-5193 is a vulnerability with a CVSS score of 4.7 (MEDIUM). The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App pur...

How severe is CVE-2013-5193?

CVE-2013-5193 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-5193?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os.