Lucene search

[email protected]NVD:CVE-2022-28764

HistoryNov 14, 2022 - 9:15 p.m.

CVE-2022-28764

2022-11-1421:15:13

CWE-200

CWE-459

[email protected]

web.nvd.nist.gov

zoom client

meetings

vulnerability

information exposure

sql database

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.

Affected configurations

NVD

Node

zoommeetingsRange<5.12.6android

zoommeetingsRange<5.12.6iphone_os

zoommeetingsRange<5.12.6linux

zoommeetingsRange<5.12.6macos

zoommeetingsRange<5.12.6windows

zoomroomsRange<5.12.6android

zoomroomsRange<5.12.6iphone_os

zoomroomsRange<5.12.6linux

zoomroomsRange<5.12.6macos

zoomroomsRange<5.12.6windows

zoomvdi_windows_meeting_clientsRange<5.12.6

References

explore.zoom.us/en/trust/security/security-bulletin/

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2022-28764

openvas1 prion1 cve1 cvelist1 nessus2