Vulnerability Details CVE-2020-1902
A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2020-1902
-
cpe:2.3:a:whatsapp:whatsapp:2.20.108
-
cpe:2.3:a:whatsapp:whatsapp:2.20.130
-
cpe:2.3:a:whatsapp:whatsapp:2.20.140
-
cpe:2.3:a:whatsapp:whatsapp_business:2.20.35
-
cpe:2.3:a:whatsapp:whatsapp_business:2.20.46
-
cpe:2.3:a:whatsapp:whatsapp_business:2.20.49