Vulnerability Details : CVE-2021-24027

A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.

Published 2021-04-06 17:15:13

Updated 2022-08-30 22:40:50

Source Facebook, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-24027

Probability of exploitation activity in the next 30 days: 0.15%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 50 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-24027

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2021-24027

CWE-524 Use of Cache Containing Sensitive Information

The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere.

Assigned by: [email protected] (Secondary)

References for CVE-2021-24027

https://www.whatsapp.com/security/advisories/2021/

Vendor Advisory

CVEs referencing this url

Products affected by CVE-2021-24027

Whatsapp » Whatsapp » For Android
Versions before (<) 2.21.4.18
cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*
Matching versions
Whatsapp » Whatsapp Business » For Android
Versions before (<) 2.21.4.18
cpe:2.3:a:whatsapp:whatsapp_business:*:*:*:*:*:android:*:*
Matching versions