Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-36535
HistoryAug 08, 2023 - 6:15 p.m.

CVE-2023-36535

2023-08-0818:15:14
CWE-449
[email protected]
web.nvd.nist.gov
2
zoom
client-side enforcement
server-side security
information disclosure
authenticated user
network access
cve-2023-36535

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

28.3%

JSON

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.

Affected configurations

Nvd
Node
zoomroomsRange<5.14.10android
OR
zoomroomsRange<5.14.10ipad_os
OR
zoomroomsRange<5.14.10macos
OR
zoomroomsRange<5.14.10windows
OR
zoomvirtual_desktop_infrastructureRange<5.14.10
OR
zoomzoomRange<5.14.10android
OR
zoomzoomRange<5.14.10iphone_os
OR
zoomzoomRange<5.14.10linux
OR
zoomzoomRange<5.14.10macos
OR
zoomzoomRange<5.14.10windows
VendorProductVersionCPE
zoomrooms*cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*
zoomrooms*cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*
zoomrooms*cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*
zoomrooms*cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*
zoomvirtual_desktop_infrastructure*cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*
zoomzoom*cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*
zoomzoom*cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*
zoomzoom*cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*
zoomzoom*cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*
zoomzoom*cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*

Related

nessus 1
prion 1
cve 1
cvelist 1
openvas 3
nessus
nessus
Zoom Client for Meetings < 5.14.10 Vulnerability (ZSB-23031)
2023-08-09 00:00:00
prion
prion
Information disclosure
2023-08-08 18:15:00
cve
cve
CVE-2023-36535
2023-08-08 18:15:14
cvelist
cvelist
CVE-2023-36535
2023-08-08 17:39:51
openvas
openvas
Zoom Client < 5.14.10 Multiple Information Disclosure Vulnerabilities (ZSB-23031, ZSB-23034) - Linux
2023-08-09 00:00:00
Zoom Client < 5.14.10 Multiple Information Disclosure Vulnerabilities (ZSB-23031, ZSB-23034) - Mac OS X
2023-08-09 00:00:00
Zoom Client < 5.14.10 Multiple Information Disclosure Vulnerabilities (ZSB-23031, ZSB-23034) - Windows
2023-08-09 00:00:00

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

28.3%

JSON
Related for NVD:CVE-2023-36535
nessus1prion1cve1cvelist1openvas3