CVE Database · CVE-2021-46841
CVSS v3.1
5.9
EPSS
0.47%
Published
Feb 27, 2023
Modified
Mar 11, 2025
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NWeaknesses (CWE)
Affected Products (1)
References (2)