Messaging Logic Vulnerability in WhatsApp for Android by Facebook
CVE-2019-3566

5.9MEDIUM

Key Information:

Vendor: Facebook
Status: WhatSAPp For Android; WhatSAPp Business For Android
Vendor: CVE Published:; 10 May 2019

What is CVE-2019-3566?

A flaw in the messaging logic of WhatsApp for Android enables a potential attacker with access to a user's account to retrieve previously sent messages. This vulnerability requires specific knowledge of message metadata that is not publicly accessible. The affected versions include WhatsApp for Android starting from 2.19.52 to 2.19.103 and WhatsApp Business for Android from version 2.19.22 to 2.19.38.

Affected Version(s)

WhatsApp Business for Android 2.19.38

WhatsApp Business for Android 2.19.22

WhatsApp for Android 2.19.104

References

https://www.facebook.com/security/advisories/cve-2019-3566

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 10, 2019
Vulnerability Reserved
Jan 2, 2019