CVE-2019-3566 — Improper Access Control in Whatsapp Business FOR Android

CWE-284 — Improper Access Control4 documents4 sources

Severity

5.9MEDIUMNVD

OSV7.5

EPSS

0.3%

top 42.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Facebook Whatsapp Business FOR Android Facebook Whatsapp FOR Android Php5 +2 more

Timeline

PublishedMay 10

Latest updateMay 24

Description

A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103, as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5facebook/whatsapp_business_for_android2.19.22 — unspecified+1

▶CVEListV5facebook/whatsapp_for_android2.19.54 — unspecified+2

▶NVDwhatsapp/whatsapp_business2.19.22 — 2.19.38

▶NVDwhatsapp/whatsapp2.19.54 — 2.19.103+1

▶Ubuntuphp5/php5< 5.5.9+dfsg-1ubuntu4.29+esm2

🔴Vulnerability Details

GHSA

GHSA-9vw8-5c3c-w435: A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to re↗2022-05-24

▶

OSV

php5 vulnerabilities↗2019-05-22

▶

CVEList

CVE-2019-3566: A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to re↗2019-05-10

▶