CVE-2021-27499
N/A
N/A
Summary
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows man-in-the-middle attackers to tamper with messages.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Ypsomed mylife Cloud, mylife Mobile Application | Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5 | affected |
Weaknesses
- CWE-329: NOT USING AN UNPREDICTABLE IV WITH CBC MODE (CWE-329)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.