HTTP Data Transmission Vulnerability in WhatsApp for Android from Facebook
CVE-2020-1902

7.5HIGH

Key Information:

Vendor: Facebook
Status: WhatSAPp For Android; WhatSAPp Business For Android
Vendor: CVE Published:; 6 October 2020

What is CVE-2020-1902?

A vulnerability affects WhatsApp for Android and WhatsApp Business for Android, allowing a user to send a quick search request that could expose sensitive data over an unencrypted HTTP connection. This can lead to the potential interception of user information by unauthorized parties while using specific versions of the app.

Affected Version(s)

WhatsApp Business for Android 2.20.49

WhatsApp Business for Android < 2.20.49

WhatsApp for Android 2.20.140

References

https://www.whatsapp.com/security/advisories/2020/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 6, 2020
Vulnerability Reserved
Dec 2, 2019