Vulnerabilities > Ypsomed

DATE CVE VULNERABILITY TITLE RISK
2021-08-02 CVE-2021-27499 Use of Insufficiently Random Values vulnerability in Ypsomed Mylife and Mylife Cloud
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows man-in-the-middle attackers to tamper with messages.
network
high complexity
ypsomed CWE-330
5.9
2021-08-02 CVE-2021-27503 Use of Hard-coded Credentials vulnerability in Ypsomed Mylife and Mylife Cloud
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on hard-coded secrets, which allows man-in-the-middle attackers to tamper with messages.
network
high complexity
ypsomed CWE-798
4.8
2021-07-30 CVE-2021-27491 Unspecified vulnerability in Ypsomed Mylife and Mylife Cloud
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes during the registration process.
network
low complexity
ypsomed
7.5
2021-07-30 CVE-2021-27495 Unspecified vulnerability in Ypsomed Mylife and Mylife Cloud
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,he Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from a HTTPS endpoint to a HTTP endpoint.
network
low complexity
ypsomed
7.1