Unrated severityNVD Advisory· Published Sep 15, 2009· Updated Jun 16, 2026

CVE-2009-2201

Description

The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Apple Inc./Xsan5 versions
cpe:2.3:a:apple:xsan:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:apple:xsan:*:*:*:*:*:*:*:*range: <=2.1.1
- cpe:2.3:a:apple:xsan:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apple:xsan:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apple:xsan:1.3:*:*:*:*:*:*:*
- (no CPE)range: <2.2

Patches

Vulnerability mechanics

References

lists.apple.com/archives/security-announce/2009/Sep/msg00005.htmlnvdPatchVendor Advisory
support.apple.com/kb/HT3797nvdPatchVendor Advisory
www.securityfocus.com/bid/36385nvdPatch
www.vupen.com/english/advisories/2009/2644nvdPatchVendor Advisory
osvdb.org/58133nvd
secunia.com/advisories/36673nvd
www.securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/53232nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000