Lucene search

ZoomCVELIST:CVE-2022-36928

HistoryJan 09, 2023 - 12:00 a.m.

CVE-2022-36928 Path Traversal in Zoom for Android Clients

2023-01-0900:00:00

CWE-35

Zoom

www.cve.org

zoom

android

path traversal

vulnerability

data directory

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.3%

JSON

Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory.

CNA Affected

[
  {
    "vendor": "Zoom Video Communications Inc",
    "product": "Zoom for Android",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "5.13.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.3%

JSON

Related for CVELIST:CVE-2022-36928