Lucene search

ZoomCVELIST:CVE-2022-22783

HistoryApr 28, 2022 - 3:00 p.m.

CVE-2022-22783 Process memory exposure in Zoom on-premise Meeting services

2022-04-2815:00:36

Zoom

www.cve.org

zoom

on-premise

meeting services

memory exposure

vulnerability

passive attacker

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

51.4%

JSON

A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker.

CNA Affected

[
  {
    "product": "Zoom On-Premise Meeting Connector Controller",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "status": "affected",
        "version": "4.8.102.2022031"
      }
    ]
  },
  {
    "product": "Zoom On-Premise Meeting Connector MMR",
    "vendor": "Zoom Video Communications Inc",
    "versions": [
      {
        "status": "affected",
        "version": "4.8.102.20220310"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.002

Percentile

51.4%

JSON

Related for CVELIST:CVE-2022-22783