Vulnerabilities > CVE-2020-1908 - Files or Directories Accessible to External Parties vulnerability in Whatsapp and Whatsapp Business

CVSS 4.6 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

low complexity

CWE-552

NVD

Published: 2020-11-03

Updated: 2020-11-13

Summary

Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked.

Vulnerable Configurations

Part	Description	Count
Application	Whatsapp Whatsapp Whatsapp Business - Whatsapp Whatsapp Business 2.19.21 Whatsapp Whatsapp Business 2.19.42 Whatsapp Whatsapp Business 2.19.51 Whatsapp Whatsapp Business 2.19.60 Whatsapp Whatsapp Business 2.19.61 Whatsapp Whatsapp Business 2.19.70 Whatsapp Whatsapp Business 2.19.71 Whatsapp Whatsapp Business 2.19.80 Whatsapp Whatsapp Business 2.19.90 Whatsapp Whatsapp Business 2.19.91 Whatsapp Whatsapp Business 2.19.92 Whatsapp Whatsapp Business 2.19.100 Whatsapp Whatsapp Business 2.19.110 Whatsapp Whatsapp Business 2.19.112 Whatsapp Whatsapp Business 2.20.30 Whatsapp Whatsapp Business 2.20.61 Whatsapp Whatsapp Business 2.20.90 Whatsapp Whatsapp - Whatsapp Whatsapp 2.2.5 Whatsapp Whatsapp 2.6.4 Whatsapp Whatsapp 2.6.5 Whatsapp Whatsapp 2.6.6 Whatsapp Whatsapp 2.6.7 Whatsapp Whatsapp 2.6.9 Whatsapp Whatsapp 2.6.10 Whatsapp Whatsapp 2.8.1 Whatsapp Whatsapp 2.8.2 Whatsapp Whatsapp 2.8.3 Whatsapp Whatsapp 2.8.4 Whatsapp Whatsapp 2.8.6 Whatsapp Whatsapp 2.8.7 Whatsapp Whatsapp 2.10.1 Whatsapp Whatsapp 2.10.2 Whatsapp Whatsapp 2.11.3 Whatsapp Whatsapp 2.11.4 Whatsapp Whatsapp 2.11.5 Whatsapp Whatsapp 2.11.6 Whatsapp Whatsapp 2.11.7 Whatsapp Whatsapp 2.11.8 Whatsapp Whatsapp 2.11.9 Whatsapp Whatsapp 2.11.11 Whatsapp Whatsapp 2.11.12 Whatsapp Whatsapp 2.11.14 Whatsapp Whatsapp 2.11.15 Whatsapp Whatsapp 2.11.16 Whatsapp Whatsapp 2.12.1 Whatsapp Whatsapp 2.12.2 Whatsapp Whatsapp 2.12.3 Whatsapp Whatsapp 2.12.4 Whatsapp Whatsapp 2.12.6 Whatsapp Whatsapp 2.12.7 Whatsapp Whatsapp 2.12.8 Whatsapp Whatsapp 2.12.9 Whatsapp Whatsapp 2.12.10 Whatsapp Whatsapp 2.12.11 Whatsapp Whatsapp 2.12.12 Whatsapp Whatsapp 2.12.13 Whatsapp Whatsapp 2.12.14 Whatsapp Whatsapp 2.12.15 Whatsapp Whatsapp 2.12.16 Whatsapp Whatsapp 2.12.17 Whatsapp Whatsapp 2.16.1 Whatsapp Whatsapp 2.16.2 Whatsapp Whatsapp 2.16.3 Whatsapp Whatsapp 2.16.4 Whatsapp Whatsapp 2.16.5 Whatsapp Whatsapp 2.16.6 Whatsapp Whatsapp 2.16.7 Whatsapp Whatsapp 2.16.8 Whatsapp Whatsapp 2.16.9 Whatsapp Whatsapp 2.16.10 Whatsapp Whatsapp 2.16.11 Whatsapp Whatsapp 2.16.12 Whatsapp Whatsapp 2.16.13 Whatsapp Whatsapp 2.16.14 Whatsapp Whatsapp 2.16.15 Whatsapp Whatsapp 2.16.16 Whatsapp Whatsapp 2.16.17 Whatsapp Whatsapp 2.16.18 Whatsapp Whatsapp 2.16.19 Whatsapp Whatsapp 2.16.20 Whatsapp Whatsapp 2.17.1 Whatsapp Whatsapp 2.17.2 Whatsapp Whatsapp 2.17.3 Whatsapp Whatsapp 2.17.4 Whatsapp Whatsapp 2.17.5 Whatsapp Whatsapp 2.17.7 Whatsapp Whatsapp 2.18.90.24 Whatsapp Whatsapp 2.18.93 Whatsapp Whatsapp 2.18.100.2 Whatsapp Whatsapp 2.18.100.6 Whatsapp Whatsapp 2.19.51 Whatsapp Whatsapp 2.19.100 Whatsapp Whatsapp 2.20.10 Whatsapp Whatsapp 2.20.30 Whatsapp Whatsapp 2.20.61 Whatsapp Whatsapp 2.20.90 Whatsapp Whatsapp 2.20.91.4	101

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://www.whatsapp.com/security/advisories/2020/