ByteOS Network

NVD Vulnerability Details :

CVE-2016-1789

Deferred

Source-product-security@apple.com

Published At-05 Apr, 2016 | 17:59

Updated At-12 Apr, 2025 | 10:46

Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	5.5	MEDIUM	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.0

Base score: 5.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

Apple Inc.

>>ibooks_author>>Versions up to 2.4.0(inclusive)

cpe:2.3:a:apple:ibooks_author:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

Evaluator Description

CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

References

Hyperlink	Source	Resource
http://lists.apple.com/archives/security-announce/2016/Mar/msg00008.html	product-security@apple.com	N/A
https://support.apple.com/kb/HT206224	product-security@apple.com	Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00008.html	af854a3a-2127-422b-91ae-364da2661108	N/A
https://support.apple.com/kb/HT206224	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory