CVE-2019-8632

EUVD-2019-18022
Some analytics data was sent using HTTP rather than HTTPS. This was addressed by no longer sending this analytics data. This issue is fixed in Texture 5.11.10 for iOS, Texture 4.22.0.4 for Android. An attacker in a privileged network position may be able to intercept analytics data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
appletexture
𝑥
< 5.11.10
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.apple.com/HT210110
https://support.apple.com/HT210111
https://www.info-sec.ca/advisories/Texture.html
https://support.apple.com/HT210110
https://support.apple.com/HT210111
https://www.info-sec.ca/advisories/Texture.html