CVE-2022-32836

CVE Database · CVE-2022-32836

CVE-2022-32836

· HIGHModified

CVSS v3.1

7.5

EPSS

0.55%

Published

Feb 27, 2023

Modified

Mar 11, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

This issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-200

Affected Products (1)

apple · musicvulnerable

References (2)

https://support.apple.com/en-us/HT213473

Release NotesVendor Advisory

https://support.apple.com/en-us/HT213473

Release NotesVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs