HIGH 8.2 KEV Publié le 2020-01-21

CVE-2019-18426

EN A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.

CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

EPSS 61.0% percentile 98.3%

CISA Known Exploited Vulnerability

Ajouté au KEV: 2022-05-23
Deadline remédiation: 2022-06-13
Action requise: Apply updates per vendor instructions.
Ransomware: Non

Apps suivies affectées

net.whatsapp.WhatsApp

1 ouverte 1 exploitée

Configurations CPE vulnérables

Vendor	Produit	Plateforme	Versions	CPE 2.3 URI
whatsapp	whatsapp iOS	iOS	<2.20.10	cpe:2.3:a:whatsapp:whatsapp::::::iphone_os::*

Voir sur NVD ↗ Catalogue CISA KEV ↗