Lucene search

[email protected]CVE-2022-36928

HistoryJan 09, 2023 - 7:15 p.m.

CVE-2022-36928

2023-01-0919:15:11

CWE-35

CWE-22

[email protected]

web.nvd.nist.gov

149

zoom

android

clients

version 5.13.0

path traversal

vulnerability

nvd

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON

Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory.

Affected configurations

NVD

Node

zoomzoomRange<5.13.0android

CPENameOperatorVersion
zoom:zoomzoomlt5.13.0

CPE	Name	Operator	Version
zoom:zoom	zoom	lt	5.13.0

CNA Affected

[
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom for Android",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.13.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON

Related for CVE-2022-36928

nvd1 prion1 cvelist1