CVE-2021-24027 vulnerability in WhatsApp Products
Published on April 6, 2021
A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the devices external storage to read cached TLS material.
Weakness Type
Use of Cache Containing Sensitive Information
The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere. Applications may use caches to improve efficiency when communicating with remote entities or performing intensive calculations. A cache maintains a pool of objects, threads, connections, pages, financial data, passwords, or other resources to minimize the time it takes to initialize and access these resources. If the cache is accessible to unauthorized actors, attackers can read the cache and obtain this sensitive information.
Products Associated with CVE-2021-24027
stack.watch emails you whenever new vulnerabilities are published in WhatsApp or Whatsapp Business. Just hit a watch button to start following.
Affected Versions
Facebook WhatsApp Business for Android:- Version v2.21.4.18 is affected.
- Version unspecified and below v2.21.4.18 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.