CVE-2016-1789

EUVD-2016-2884
Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
Affected Products (NVD)
VendorProductVersion
appleibooks_author
𝑥
≤ 2.4.0
𝑥
= Vulnerable software versions
References
http://lists.apple.com/archives/security-announce/2016/Mar/msg00008.html
https://support.apple.com/kb/HT206224
http://lists.apple.com/archives/security-announce/2016/Mar/msg00008.html
https://support.apple.com/kb/HT206224