CVE-2019-8645 — MEDIUM (6.5)

Q: How severe is CVE-2019-8645?

CVE-2019-8645 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-8645?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X.

Vulnerability Description

An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Mac Os X	< 10.14.4

References

https://support.apple.com/en-us/HT209600Vendor Advisory
https://support.apple.com/en-us/HT209600Vendor Advisory

FAQ

What is CVE-2019-8645?

CVE-2019-8645 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra,...

How severe is CVE-2019-8645?

CVE-2019-8645 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-8645?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X.