{"containers": {"cna": {"affected": [{"product": "WhatsApp for Android", "vendor": "Facebook", "versions": [{"status": "affected", "version": "2.19.104"}, {"lessThan": "unspecified", "status": "affected", "version": "2.19.54", "versionType": "custom"}, {"status": "affected", "version": "2.19.52"}]}, {"product": "WhatsApp Business for Android", "vendor": "Facebook", "versions": [{"status": "affected", "version": "2.19.38"}, {"lessThan": "unspecified", "status": "affected", "version": "2.19.22", "versionType": "custom"}]}], "dateAssigned": "2019-05-09T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103, as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "Improper Access Control (CWE-284)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-05-15T15:48:59.000Z", "orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "shortName": "facebook"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.facebook.com/security/advisories/cve-2019-3566"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@fb.com", "DATE_ASSIGNED": "2019-05-09", "ID": "CVE-2019-3566", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WhatsApp for Android", "version": {"version_data": [{"version_affected": "!=>", "version_value": "2.19.104"}, {"version_affected": ">=", "version_value": "2.19.54"}, {"version_affected": "=", "version_value": "2.19.52"}]}}, {"product_name": "WhatsApp Business for Android", "version": {"version_data": [{"version_affected": "!=>", "version_value": "2.19.38"}, {"version_affected": ">=", "version_value": "2.19.22"}]}}]}, "vendor_name": "Facebook"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103, as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Access Control (CWE-284)"}]}]}, "references": {"reference_data": [{"name": "https://www.facebook.com/security/advisories/cve-2019-3566", "refsource": "MISC", "url": "https://www.facebook.com/security/advisories/cve-2019-3566"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:12:09.532Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.facebook.com/security/advisories/cve-2019-3566"}]}]}, "cveMetadata": {"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827", "assignerShortName": "facebook", "cveId": "CVE-2019-3566", "datePublished": "2019-05-10T20:58:02.000Z", "dateReserved": "2019-01-02T00:00:00.000Z", "dateUpdated": "2024-08-04T19:12:09.532Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*", "matchCriteriaId": "F990E9CA-6D62-4804-8E0C-DAC9AD7DA3DE", "versionEndIncluding": "2.19.103", "versionStartIncluding": "2.19.54", "vulnerable": true}, {"criteria": "cpe:2.3:a:whatsapp:whatsapp:2.19.52:*:*:*:*:android:*:*", "matchCriteriaId": "C3AF6D26-D194-4F97-90A6-3A84ACFE6E20", "vulnerable": true}, {"criteria": "cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:*", "matchCriteriaId": "D86A653D-F50C-409D-82C9-2342EEFB0F29", "versionEndIncluding": "2.19.38", "versionStartIncluding": "2.19.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A bug in WhatsApp for Android's messaging logic would potentially allow a malicious individual who has taken over over a WhatsApp user's account to recover previously sent messages. This behavior requires independent knowledge of metadata for previous messages, which are not available publicly. This issue affects WhatsApp for Android 2.19.52 and 2.19.54 - 2.19.103, as well as WhatsApp Business for Android starting in v2.19.22 until v2.19.38."}, {"lang": "es", "value": "Se descubri\u00f3 un error en la l\u00f3gica de mensajer\u00eda de WhatsApp para Android que permitir\u00eda potencialmente que un individuo malicioso que se haya encargado de la cuenta de un usuario de WhatsApp recupere los mensajes enviados anteriormente. Este comportamiento requiere un conocimiento independiente de los metadatos para los mensajes anteriores, que no est\u00e1n disponibles p\u00fablicamente. Este problema afecta a WhatsApp para Android versi\u00f3n 2.19.52 y versi\u00f3n 2.19.54 - 2.19.103, as\u00ed como a WhatsApp Business para Android comenzando en la versi\u00f3n v2.19.22 hasta v2.19.38."}], "id": "CVE-2019-3566", "lastModified": "2024-11-21T04:42:10.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-10T21:29:00.303", "references": [{"source": "cve-assign@fb.com", "tags": ["Third Party Advisory"], "url": "https://www.facebook.com/security/advisories/cve-2019-3566"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.facebook.com/security/advisories/cve-2019-3566"}], "sourceIdentifier": "cve-assign@fb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "cve-assign@fb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}