CVE-2021-22565

Summary

An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater.

Affected Software

VendorProductVersion RangeStatus
Google LLCGoogle Exposure-notifications-verification-serverunspecified < 1.1.2affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References