Lucene search

ZoomCVELIST:CVE-2023-39218

HistoryAug 08, 2023 - 5:54 p.m.

CVE-2023-39218

2023-08-0817:54:59

CWE-602

Zoom

www.cve.org

zoom

clients

5.14.10

information disclosure

network access

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

28.3%

JSON

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Zoom Clients",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before 5.14.10"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

28.3%

JSON

Related for CVELIST:CVE-2023-39218