Filtered by vendor Ypsomed
Subscribe
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-27503 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2021-08-11 | 5.8 MEDIUM | 4.8 MEDIUM |
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on hard-coded secrets, which allows man-in-the-middle attackers to tamper with messages. | |||||
CVE-2021-27499 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2021-08-11 | 4.3 MEDIUM | 5.9 MEDIUM |
Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows man-in-the-middle attackers to tamper with messages. | |||||
CVE-2021-27495 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2021-08-10 | 5.8 MEDIUM | 7.1 HIGH |
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,he Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from a HTTPS endpoint to a HTTP endpoint. | |||||
CVE-2021-27491 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2021-08-10 | 5.0 MEDIUM | 7.5 HIGH |
Ypsomed mylife Cloud, mylife Mobile Application:Ypsomed mylife Cloud,All versions prior to 1.7.2,Ypsomed mylife App,All versions prior to 1.7.5,The Ypsomed mylife Cloud discloses password hashes during the registration process. |