CVE-2021-27499

Summary

Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows man-in-the-middle attackers to tamper with messages.

Affected Software

VendorProductVersion RangeStatus
n/aYpsomed mylife Cloud, mylife Mobile ApplicationYpsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5affected

Weaknesses

  • CWE-329: NOT USING AN UNPREDICTABLE IV WITH CBC MODE (CWE-329)

ADP Enrichment

CVE Program Container

Additional References

References