CVE-2024-54540

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

T

he issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app.

References

Link	Resource
https://support.apple.com/en-us/122043	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:apple:music:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_10_22h2:-::::::x64:
	cpe:2.3:o:microsoft:windows_10_22h2:-::::::x86:
	cpe:2.3:o:microsoft:windows_11_24h2:-::::::arm64:

History

24 Mar 2025, 18:15

Type	Values Removed	Values Added
First Time		Apple music Microsoft windows 11 24h2 Microsoft windows 10 22h2 Microsoft Apple
CWE		NVD-CWE-noinfo CWE-79
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
CPE		cpe:2.3:o:microsoft:windows_11_24h2:-::::::arm64: cpe:2.3:a:apple:music:::::::: cpe:2.3:o:microsoft:windows_10_22h2:-::::::x64: cpe:2.3:o:microsoft:windows_10_22h2:-::::::x86:
References	~~() https://support.apple.com/en-us/122043 -~~	() https://support.apple.com/en-us/122043 - Vendor Advisory

18 Feb 2025, 21:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : unknown
CWE	~~CWE-79~~

16 Jan 2025, 15:15

Type	Values Removed	Values Added
CWE		CWE-79
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
Summary		(es) El problema se solucionó con una mejora en la desinfección de entradas. Este problema se solucionó en Apple Music 1.5.0.152 para Windows. El procesamiento de contenido web creado con fines malintencionados puede revelar estados internos de la aplicación.

15 Jan 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-15 20:15

Updated : 2025-03-24 18:15

NVD link : CVE-2024-54540

Mitre link : CVE-2024-54540

CVE.ORG link : CVE-2024-54540

JSON object : View

Products Affected

music

CWE

NVD-CWE-noinfo CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-54540", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-01-15T20:15:28.703", "references": [{"url": "https://support.apple.com/en-us/122043", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app."}, {"lang": "es", "value": " El problema se solucion\u00f3 con una mejora en la desinfecci\u00f3n de entradas. Este problema se solucion\u00f3 en Apple Music 1.5.0.152 para Windows. El procesamiento de contenido web creado con fines malintencionados puede revelar estados internos de la aplicaci\u00f3n."}], "lastModified": "2025-03-24T18:15:20.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:music:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A892F5D6-8509-471E-B119-9E57A7F0603E", "versionEndExcluding": "1.5.0.152"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*", "vulnerable": false, "matchCriteriaId": "C230D3BF-7FCE-405C-B62E-B9190C995C3C"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*", "vulnerable": false, "matchCriteriaId": "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:-:*:*:*:*:*:arm64:*", "vulnerable": false, "matchCriteriaId": "08EE1F3A-A8DE-4867-BB5B-8A8ED867F3CA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}