{"api_version":"1","generated_at":"2026-05-15T00:24:52+00:00","cve":"CVE-2019-6206","urls":{"html":"https://cve.report/CVE-2019-6206","api":"https://cve.report/api/cve/CVE-2019-6206.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-6206","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-6206"},"summary":{"title":"CVE-2019-6206","description":"An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in passwords after they were manually cleared.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2019-03-04 20:29:00","updated_at":"2020-08-24 17:37:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/106687","name":"106687","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Apple iOS CVE-2019-6206 Local Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://support.apple.com/HT209443","name":"https://support.apple.com/HT209443","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"About the security content of iOS 12.1.3 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-6206","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6206","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"6206","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"6206","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"product-security@apple.com","ID":"CVE-2019-6206","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"iOS","version":{"version_data":[{"version_affected":"<","version_value":"iOS 12.1.3"}]}}]},"vendor_name":"Apple"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in passwords after they were manually cleared."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Password autofill may fill in passwords after they were manually cleared"}]}]},"references":{"reference_data":[{"name":"106687","refsource":"BID","url":"http://www.securityfocus.com/bid/106687"},{"name":"https://support.apple.com/HT209443","refsource":"CONFIRM","url":"https://support.apple.com/HT209443"}]}},"nvd":{"publishedDate":"2019-03-04 20:29:00","lastModifiedDate":"2020-08-24 17:37:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"12.1.3","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"6206","Ordinal":"143877","Title":"CVE-2019-6206","CVE":"CVE-2019-6206","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"6206","Ordinal":"1","NoteData":"An issue existed with autofill resuming after it was canceled. The issue was addressed with improved state management. This issue is fixed in iOS 12.1.3. Password autofill may fill in passwords after they were manually cleared.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"6206","Ordinal":"2","NoteData":"2019-03-04","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"6206","Ordinal":"3","NoteData":"2019-03-05","Type":"Other","Title":"Modified"}]}}}