CVE-2019-3566

A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103, as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38.

CVSS v3 5.9 MEDIUM
CVSS v2.0 4.3 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.facebook.com/security/advisories/cve-2019-3566	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:whatsapp:whatsapp::::::android::*
	cpe:2.3:a:whatsapp:whatsapp:2.19.52:::::android::
	cpe:2.3:a:whatsapp:whatsapp_business::::::android::*

History

14 Sep 2021, 12:15

Type	Values Removed	Values Added
CPE		cpe:2.3:a:whatsapp:whatsapp_business::::::android::*
CWE	~~CWE-200~~	NVD-CWE-noinfo

Information

Published : 2019-05-10 21:29

Updated : 2024-02-04 20:20

NVD link : CVE-2019-3566

Mitre link : CVE-2019-3566

CVE.ORG link : CVE-2019-3566

JSON object : View

Products Affected

whatsapp

whatsapp
whatsapp_business

CWE

NVD-CWE-noinfo CWE-284

Improper Access Control

{"id": "CVE-2019-3566", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2019-05-10T21:29:00.303", "references": [{"url": "https://www.facebook.com/security/advisories/cve-2019-3566", "tags": ["Third Party Advisory"], "source": "cve-assign@fb.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "cve-assign@fb.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103, as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38."}, {"lang": "es", "value": "Se descubri\u00f3 un error en la l\u00f3gica de mensajer\u00eda de WhatsApp para Android que permitir\u00eda potencialmente que un individuo malicioso que se haya encargado de la cuenta de un usuario de WhatsApp recupere los mensajes enviados anteriormente. Este comportamiento requiere un conocimiento independiente de los metadatos para los mensajes anteriores, que no est\u00e1n disponibles p\u00fablicamente. Este problema afecta a WhatsApp para Android versi\u00f3n 2.19.52 y versi\u00f3n 2.19.54 - 2.19.103, as\u00ed como a WhatsApp Business para Android comenzando en la versi\u00f3n v2.19.22 hasta v2.19.38."}], "lastModified": "2021-09-14T12:15:52.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "F990E9CA-6D62-4804-8E0C-DAC9AD7DA3DE", "versionEndIncluding": "2.19.103", "versionStartIncluding": "2.19.54"}, {"criteria": "cpe:2.3:a:whatsapp:whatsapp:2.19.52:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "C3AF6D26-D194-4F97-90A6-3A84ACFE6E20"}, {"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "D86A653D-F50C-409D-82C9-2342EEFB0F29", "versionEndIncluding": "2.19.38", "versionStartIncluding": "2.19.22"}], "operator": "OR"}]}], "sourceIdentifier": "cve-assign@fb.com"}