CVE-2019-3566
published 2019-05-10

Priority: P428, medium, 5.9 (CVSS 3.1)
Vector: AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.07% (60.6th percentile)

A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103, as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38.

Affected

9 ranges
Vendor | Product | Version range | Fixed in
facebook | whatsapp_business_for_android | |
facebook | whatsapp_business_for_android | >= 2.19.22 < unspecified | unspecified
facebook | whatsapp_for_android | |
facebook | whatsapp_for_android | |
facebook | whatsapp_for_android | >= 2.19.54 < unspecified | unspecified
php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.29+esm2 | 5.5.9+dfsg-1ubuntu4.29+esm2
whatsapp | whatsapp | |
whatsapp | whatsapp | 2.19.54 – 2.19.103 |
whatsapp | whatsapp_business | 2.19.22 – 2.19.38 |

CVSS provenance

nvd | v3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N
osv | | 7.5 | HIGH |