Lucene search

ZoomCVELIST:CVE-2023-36535

HistoryAug 08, 2023 - 5:39 p.m.

CVE-2023-36535

2023-08-0817:39:51

CWE-449

Zoom

www.cve.org

zoom

security vulnerability

information disclosure

network access

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

28.3%

JSON

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Zoom Clients",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before 5.14.10"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

28.3%

JSON

Related for CVELIST:CVE-2023-36535