CVE-2014-1242

Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
appleitunes
𝑥
≤ 11.1.3
appleitunes
11.0
appleitunes
11.0.1
appleitunes
11.0.2
appleitunes
11.0.3
appleitunes
11.0.4
appleitunes
11.0.5
appleitunes
11.1
appleitunes
11.1.1
appleitunes
11.1.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/102410
http://support.apple.com/kb/HT6001
http://www.securityfocus.com/bid/65088
http://www.securitytracker.com/id/1029671
https://exchange.xforce.ibmcloud.com/vulnerabilities/90653
http://osvdb.org/102410
http://support.apple.com/kb/HT6001
http://www.securityfocus.com/bid/65088
http://www.securitytracker.com/id/1029671
https://exchange.xforce.ibmcloud.com/vulnerabilities/90653