PT-2021-17478 · Ypsomed · Ypsomed Mylife Cloud +1

Dr. Oliver Matula +3 · Published 2021-07-30 · Updated 2021-08-10 · CVE-2021-27495

CVSS v3.1: 7.1 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Ypsomed mylife Cloud versions prior to 1.7.2
Ypsomed mylife App versions prior to 1.7.5

Description

The Ypsomed mylife Cloud reflects the user password during the login process after redirecting the user from an HTTPS endpoint to an HTTP endpoint.

Recommendations

For Ypsomed mylife Cloud versions prior to 1.7.2, update to version 1.7.2 or later to resolve the issue.
For Ypsomed mylife App versions prior to 1.7.5, update to version 1.7.5 or later to resolve the issue.

Fix

Weakness Enumeration

Insufficiently Protected Credentials

Related Identifiers

CVE-2021-27495

Affected Products

Ypsomed Mylife App
Ypsomed Mylife Cloud