5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
9.3 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.7%
The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting users Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user.
[
{
"product": "Zoom Client for Meetings for Android",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom Client for Meetings for iOS",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom Client for Meetings for Linux",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom Client for Meetings for MacOS",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Zoom Client for Meetings for Windows",
"vendor": "Zoom Video Communications Inc",
"versions": [
{
"lessThan": "5.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
9.3 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.7%