CVE-2019-3566 Vulnerability Details

  /     /     /  

CVE-2019-3566 Metadata Quick Info

CVE Published: 10/05/2019 | CVE Updated: 04/08/2024 | CVE Year: 2019
Source: facebook | Vendor: Facebook | Product: WhatsApp for Android
Status : PUBLISHED

---

CVE-2019-3566 Description

A bug in WhatsApp for Android\'s messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user\'s account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103, as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-284
CWE Name: Improper Access Control (CWE-284)
Source: Facebook

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).