CVE-2021-27499

MEDIUM

Ypsomed mylife <1.7.2-1.7.5 - Info Disclosure

Title source: llm

Description

Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows man-in-the-middle attackers to tamper with messages.

References (1)

[Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsma-21-196-01

Scores

CVSS v3 5.9

EPSS 0.0010

EPSS Percentile 27.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-330 CWE-329

Status published

Products (2)

ypsomed/mylife < 1.7.5

ypsomed/mylife_cloud < 1.7.2

Published Aug 02, 2021

Tracked Since Feb 18, 2026