CVE-2023-41993 - Vulnerability Details

The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since Sept. 25, 2023.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Apple	Ipad Os Ipados Iphone Os Macos
Debian	Debian Linux
Fedoraproject	Fedora
Netapp	Active Iq Unified Manager Cloud Insights Acquisition Unit Cloud Insights Storage Workload Security Agent Oncommand Insight Oncommand Workflow Automation
Oracle	Graalvm Jdk Jre
Redhat	Enterprise Linux
Webkitgtk	Webkitgtk\+

Configuration 1 [-]

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:a:oracle:graalvm:20.3.13::::enterprise:::
	cpe:2.3:a:oracle:graalvm:21.3.9::::enterprise:::
	cpe:2.3:a:oracle:jdk:1.8.0:update401::::::
	cpe:2.3:a:oracle:jre:1.8.0:update401::::::

Configuration 5 [-]

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vsphere::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
	cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:::::::*
	cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:::::::*
	cpe:2.3:a:netapp:oncommand_insight:-:::::::*
	cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*

Configuration 6 [-]

cpe:2.3:a:webkitgtk:webkitgtk\+:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
webkit2gtk3-0:2.38.5-1.el8_8.5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:4202	2023-07-18T00:00:00Z
Red Hat Enterprise Linux 9
webkit2gtk3-0:2.38.5-1.el9_2.3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:4201	2023-07-18T00:00:00Z

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2023-41993
https://security.gentoo.org/glsa/202401-33
https://security.netapp.com/advisory/ntap-20240426-0004/
https://support.apple.com/en-us/HT213940
https://webkitgtk.org/security/WSA-2023-0009.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2023-41993

History

Thu, 13 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple ipad Os
CPEs		cpe:2.3:a:oracle:graalvm:21.3.9:::::::* cpe:2.3:a:oracle:jdk:1.8.0:-:::::: cpe:2.3:a:oracle:jre:1.8.0:::::::* cpe:2.3:o:apple:ipad_os:-:::::::* cpe:2.3:o:apple:iphone_os:-:::::::* cpe:2.3:o:apple:macos:-:::::::*
Vendors & Products		Apple ipad Os
Metrics		kev `{'dateAdded': '2023-09-25'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 29 Nov 2024 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netapp active Iq Unified Manager
CPEs		cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vsphere:: cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
Vendors & Products		Netapp active Iq Unified Manager

Tue, 03 Sep 2024 20:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Webkitgtk Webkitgtk webkitgtk\+
CPEs		cpe:2.3:a:webkitgtk:webkitgtk\+::::::::
Vendors & Products		Webkitgtk Webkitgtk webkitgtk\+

Thu, 29 Aug 2024 20:30:00 +0000

Type	Values Removed	Values Added
References		https://webkitgtk.org/security/WSA-2023-0009.html

Wed, 14 Aug 2024 15:45:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`	cvssV3_1 `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

Wed, 14 Aug 2024 01:00:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2023-09-21T18:23:52.197Z

Updated: 2025-02-13T17:09:12.791Z

Reserved: 2023-09-06T17:40:06.142Z

Link: CVE-2023-41993

Vulnrichment

Updated: 2024-08-29T13:17:27.813Z

NVD

Status : Analyzed

Published: 2023-09-21T19:15:11.660

Modified: 2024-11-29T14:43:20.857

Link: CVE-2023-41993

Redhat

Severity : Moderate

Publid Date: 2023-09-21T00:00:00Z

Links: CVE-2023-41993 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-41993", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2023-09-06T17:40:06.142Z", "datePublished": "2023-09-21T18:23:52.197Z", "dateUpdated": "2025-02-13T17:09:12.791Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "unspecified", "status": "affected", "lessThan": "14", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."}], "references": [{"url": "https://support.apple.com/en-us/HT213940"}, {"url": "https://security.gentoo.org/glsa/202401-33"}, {"url": "https://security.netapp.com/advisory/ntap-20240426-0004/"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-04-26T09:06:59.072Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-754", "lang": "en", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}], "affected": [{"vendor": "apple", "product": "iphone_os", "cpes": ["cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "17.0.1", "versionType": "custom"}]}, {"vendor": "apple", "product": "ipad_os", "cpes": ["cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "17.0.1", "versionType": "custom"}]}, {"vendor": "apple", "product": "macos", "cpes": ["cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "14.0", "versionType": "custom"}]}, {"vendor": "fedoraproject", "product": "fedora", "cpes": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "37", "status": "affected"}]}, {"vendor": "fedoraproject", "product": "fedora", "cpes": ["cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "38", "status": "affected"}]}, {"vendor": "fedoraproject", "product": "fedora", "cpes": ["cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "39", "status": "affected"}]}, {"vendor": "debian", "product": "debian_linux", "cpes": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "11.0", "status": "affected"}, {"version": "12.0", "status": "affected"}]}, {"vendor": "oracle", "product": "graalvm", "cpes": ["cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "20.3.13", "status": "affected"}]}, {"vendor": "oracle", "product": "graalvm", "cpes": ["cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "21.3.9", "status": "affected"}]}, {"vendor": "oracle", "product": "jdk", "cpes": ["cpe:2.3:a:oracle:jdk:1.8.0:-:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.8.0", "status": "affected"}]}, {"vendor": "oracle", "product": "jre", "cpes": ["cpe:2.3:a:oracle:jre:1.8.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.8.0", "status": "affected"}]}, {"vendor": "netapp", "product": "cloud_insights_acquisition_unit", "cpes": ["cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "netapp", "product": "cloud_insights_storage_workload_security_agent", "cpes": ["cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "netapp", "product": "oncommand_insight", "cpes": ["cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}, {"vendor": "netapp", "product": "oncommand_workflow_automation", "cpes": ["cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-01-11T02:17:52.028515Z", "id": "CVE-2023-41993", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-09-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41993"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-29T16:19:32.611Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-29T13:17:27.813Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213940", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202401-33", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240426-0004/", "tags": ["x_transferred"]}, {"url": "https://webkitgtk.org/security/WSA-2023-0009.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT213940", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202401-33", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240426-0004/", "tags": ["x_transferred"]}, {"url": "https://webkitgtk.org/security/WSA-2023-0009.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-29T13:17:27.813Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-41993", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-11T02:17:52.028515Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-09-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41993"}}}], "affected": [{"cpes": ["cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "iphone_os", "versions": [{"status": "affected", "version": "0", "lessThan": "17.0.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "ipad_os", "versions": [{"status": "affected", "version": "0", "lessThan": "17.0.1", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*"], "vendor": "apple", "product": "macos", "versions": [{"status": "affected", "version": "0", "lessThan": "14.0", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "37"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "38"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"], "vendor": "fedoraproject", "product": "fedora", "versions": [{"status": "affected", "version": "39"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*"], "vendor": "debian", "product": "debian_linux", "versions": [{"status": "affected", "version": "11.0"}, {"status": "affected", "version": "12.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*"], "vendor": "oracle", "product": "graalvm", "versions": [{"status": "affected", "version": "20.3.13"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:*:*:*:*"], "vendor": "oracle", "product": "graalvm", "versions": [{"status": "affected", "version": "21.3.9"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:oracle:jdk:1.8.0:-:*:*:*:*:*:*"], "vendor": "oracle", "product": "jdk", "versions": [{"status": "affected", "version": "1.8.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:oracle:jre:1.8.0:*:*:*:*:*:*:*"], "vendor": "oracle", "product": "jre", "versions": [{"status": "affected", "version": "1.8.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "cloud_insights_acquisition_unit", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "cloud_insights_storage_workload_security_agent", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "oncommand_insight", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*"], "vendor": "netapp", "product": "oncommand_workflow_automation", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-25T18:44:12.454Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT213940"}, {"url": "https://security.gentoo.org/glsa/202401-33"}, {"url": "https://security.netapp.com/advisory/ntap-20240426-0004/"}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2024-04-26T09:06:59.072Z"}}}, "cveMetadata": {"cveId": "CVE-2023-41993", "state": "PUBLISHED", "dateUpdated": "2025-02-13T17:09:12.791Z", "dateReserved": "2023-09-06T17:40:06.142Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2023-09-21T18:23:52.197Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"cisaActionDue": "2023-10-16", "cisaExploitAdd": "2023-09-25", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Apple Multiple Products WebKit Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "4FE34465-0131-48BD-9BB6-47F83243BAE3", "versionEndExcluding": "17.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB5FD4B4-540C-4068-90D2-BEC12CDF54D9", "versionEndExcluding": "17.0.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A5DD3D5-FB4F-4313-B873-DCED87FC4605", "versionEndExcluding": "14.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*", "matchCriteriaId": "00EDC8FF-13F2-4218-9EF4-B509364AE7B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*", "matchCriteriaId": "938A32D1-FBAB-42AE-87A7-AB19402B561A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update401:*:*:*:*:*:*", "matchCriteriaId": "B9155227-6787-4FAA-BB2C-C99D77DD2111", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jre:1.8.0:update401:*:*:*:*:*:*", "matchCriteriaId": "FD4CDABD-BC1E-4A23-8022-D7A0E615C9F4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*", "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*", "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webkitgtk:webkitgtk\\+:*:*:*:*:*:*:*:*", "matchCriteriaId": "076EFDED-230F-4848-A138-4CFDF6B863B3", "versionEndExcluding": "2.42.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7."}, {"lang": "es", "value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en Safari 17, iOS 16.7 y iPadOS 16.7, macOS Sonoma 14. El procesamiento de contenido web puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS anteriores a iOS 16.7."}], "id": "CVE-2023-41993", "lastModified": "2024-11-29T14:43:20.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2023-09-21T19:15:11.660", "references": [{"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202401-33"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240426-0004/"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213940"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202401-33"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240426-0004/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://support.apple.com/en-us/HT213940"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://webkitgtk.org/security/WSA-2023-0009.html"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-754"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:4202", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.38.5-1.el8_8.5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-07-18T00:00:00Z"}, {"advisory": "RHSA-2023:4201", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "webkit2gtk3-0:2.38.5-1.el9_2.3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-07-18T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: processing malicious web content may lead to arbitrary code execution", "id": "2240522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240522"}, "csaw": true, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "details": ["The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.", "A vulnerability was found in webkitgtk. This issue occurs when processing web content, which may lead to arbitrary code execution."], "name": "CVE-2023-41993", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "webkitgtk4", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-09-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-41993\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-41993\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This issue doesn't affect the versions of webkitgtk as shipped with Red Hat Enterprise Linux 8 and 9 as the flaw relies on JIT engine. JIT was disabled in the past when the fixes for CVE-2023-32435 and CVE-2023-32439 were released.", "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object