CVE-2024-54540

The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.apple.com/en-us/122043	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:apple:music:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_10_22h2:-::::::x64:
	cpe:2.3:o:microsoft:windows_10_22h2:-::::::x86:
	cpe:2.3:o:microsoft:windows_11_24h2:-::::::arm64:

History

24 Mar 2025, 18:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
First Time		Microsoft windows 10 22h2 Microsoft windows 11 24h2 Apple Apple music Microsoft
References	~~() https://support.apple.com/en-us/122043 -~~	() https://support.apple.com/en-us/122043 - Vendor Advisory
CWE		CWE-79 NVD-CWE-noinfo
CPE		cpe:2.3:o:microsoft:windows_10_22h2:-::::::x86: cpe:2.3:o:microsoft:windows_10_22h2:-::::::x64: cpe:2.3:o:microsoft:windows_11_24h2:-::::::arm64: cpe:2.3:a:apple:music::::::::

18 Feb 2025, 21:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : unknown
CWE	~~CWE-79~~

16 Jan 2025, 15:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
CWE		CWE-79
Summary		(es) El problema se solucionó con una mejora en la desinfección de entradas. Este problema se solucionó en Apple Music 1.5.0.152 para Windows. El procesamiento de contenido web creado con fines malintencionados puede revelar estados internos de la aplicación.

15 Jan 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-15 20:15

Updated : 2025-03-24 18:15

NVD link : CVE-2024-54540

Mitre link : CVE-2024-54540

CVE.ORG link : CVE-2024-54540

JSON object : View

Products Affected

apple

music

microsoft

windows_10_22h2
windows_11_24h2

CWE

NVD-CWE-noinfo CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2024-54540", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2025-01-15T20:15:28.703", "references": [{"url": "https://support.apple.com/en-us/122043", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app."}, {"lang": "es", "value": " El problema se solucion\u00f3 con una mejora en la desinfecci\u00f3n de entradas. Este problema se solucion\u00f3 en Apple Music 1.5.0.152 para Windows. El procesamiento de contenido web creado con fines malintencionados puede revelar estados internos de la aplicaci\u00f3n."}], "lastModified": "2025-03-24T18:15:20.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:music:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A892F5D6-8509-471E-B119-9E57A7F0603E", "versionEndExcluding": "1.5.0.152"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x64:*", "vulnerable": false, "matchCriteriaId": "C230D3BF-7FCE-405C-B62E-B9190C995C3C"}, {"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:-:*:*:*:*:*:x86:*", "vulnerable": false, "matchCriteriaId": "1FD62DCB-66D1-4CEA-828E-0BD302AC63CA"}, {"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:-:*:*:*:*:*:arm64:*", "vulnerable": false, "matchCriteriaId": "08EE1F3A-A8DE-4867-BB5B-8A8ED867F3CA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "product-security@apple.com"}