CVE-2016-1789

Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
appleibooks_author
𝑥
≤ 2.4.0
𝑥
= Vulnerable software versions
References
http://lists.apple.com/archives/security-announce/2016/Mar/msg00008.html
https://support.apple.com/kb/HT206224
http://lists.apple.com/archives/security-announce/2016/Mar/msg00008.html
https://support.apple.com/kb/HT206224