CVE-2019-8632 — MEDIUM (6.5)

Q: How severe is CVE-2019-8632?

CVE-2019-8632 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-8632?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Texture.

Vulnerability Description

Some analytics data was sent using HTTP rather than HTTPS. This was addressed by no longer sending this analytics data. This issue is fixed in Texture 5.11.10 for iOS, Texture 4.22.0.4 for Android. An attacker in a privileged network position may be able to intercept analytics data.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Texture	< 4.22.0.4

Related Weaknesses (CWE)

CWE-319

References

https://support.apple.com/HT210110Vendor Advisory
https://support.apple.com/HT210111Vendor Advisory
https://www.info-sec.ca/advisories/Texture.htmlThird Party Advisory
https://support.apple.com/HT210110Vendor Advisory
https://support.apple.com/HT210111Vendor Advisory
https://www.info-sec.ca/advisories/Texture.htmlThird Party Advisory

FAQ

What is CVE-2019-8632?

CVE-2019-8632 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Some analytics data was sent using HTTP rather than HTTPS. This was addressed by no longer sending this analytics data. This issue is fixed in Texture 5.11.10 for iOS, Texture 4.22.0.4 for Android. An...

How severe is CVE-2019-8632?

CVE-2019-8632 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-8632?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Texture.