Messaging Logic Vulnerability in WhatsApp for Android by Facebook
CVE-2019-3566

5.9MEDIUM

Key Information:

Vendor

Facebook

Vendor
CVE Published:
10 May 2019

What is CVE-2019-3566?

A flaw in the messaging logic of WhatsApp for Android enables a potential attacker with access to a user's account to retrieve previously sent messages. This vulnerability requires specific knowledge of message metadata that is not publicly accessible. The affected versions include WhatsApp for Android starting from 2.19.52 to 2.19.103 and WhatsApp Business for Android from version 2.19.22 to 2.19.38.

Affected Version(s)

WhatsApp Business for Android 2.19.38

WhatsApp Business for Android 2.19.22

WhatsApp for Android 2.19.104

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.