Vulnerability Details CVE-2021-27503
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on hard-coded secrets, which allows man-in-the-middle attackers to tamper with messages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.2%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 5.8
References
Products affected by CVE-2021-27503
-
cpe:2.3:a:ypsomed:mylife:-
-
cpe:2.3:a:ypsomed:mylife_cloud:-