Vulnerabilites related to zoom - meeting_software_development_kit
CVE-2024-27243 (GCVE-0-2024-27243)
Vulnerability from cvelistv5
Published
2024-05-15 20:37
Modified
2024-09-20 14:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | see references |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T17:56:39.641952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:46:30.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:28:00.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24014/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "see references",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-05-14T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eBuffer overflow in some Zoom Workplace Apps and SDK\u2019s may allow an authenticated user to conduct a denial of service via network access.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Buffer overflow in some Zoom Workplace Apps and SDK\u2019s may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:34:14.212Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24014/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Apps - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-27243",
"datePublished": "2024-05-15T20:37:45.264Z",
"dateReserved": "2024-02-21T21:15:32.633Z",
"dateUpdated": "2024-09-20T14:34:14.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24696 (GCVE-0-2024-24696)
Vulnerability from cvelistv5
Published
2024-02-13 23:51
Modified
2024-08-01 23:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24696",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T16:51:24.559952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:42:55.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-02-13T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T23:51:34.285Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24003/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-24696",
"datePublished": "2024-02-13T23:51:34.285Z",
"dateReserved": "2024-01-26T22:56:14.681Z",
"dateUpdated": "2024-08-01T23:28:11.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39217 (GCVE-0-2023-39217)
Vulnerability from cvelistv5
Published
2023-08-08 17:49
Modified
2024-10-10 16:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom SDK's |
Version: before 5.14.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:05.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39217",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T16:21:35.760368Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T16:21:43.772Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom SDK\u0027s",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.14.10"
}
]
}
],
"datePublic": "2023-08-08T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in Zoom SDK\u2019s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access."
}
],
"value": "Improper input validation in Zoom SDK\u2019s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:12:05.128Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-39217",
"datePublished": "2023-08-08T17:49:38.142Z",
"dateReserved": "2023-07-25T18:38:00.939Z",
"dateUpdated": "2024-10-10T16:21:43.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39210 (GCVE-0-2023-39210)
Vulnerability from cvelistv5
Published
2023-08-08 21:27
Modified
2024-10-04 17:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Summary
Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Client SDK for Windows |
Version: before 5.15.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:05.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39210",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T17:29:40.474919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T17:30:57.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Client SDK for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.15.0"
}
]
}
],
"datePublic": "2023-08-08T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access."
}
],
"value": "Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access."
}
],
"impacts": [
{
"capecId": "CAPEC-117",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-117: Interception"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312: Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-08T21:27:52.422Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-39210",
"datePublished": "2023-08-08T21:27:52.422Z",
"dateReserved": "2023-07-25T18:38:00.938Z",
"dateUpdated": "2024-10-04T17:30:57.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27443 (GCVE-0-2025-27443)
Vulnerability from cvelistv5
Published
2025-04-08 16:16
Modified
2025-04-08 20:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1188 - Insecure Default Initialization of Resource
Summary
Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps for Windows |
Version: See references. < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27443",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T20:32:03.387603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:32:12.324Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace Apps for Windows",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "See references.",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-08T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Insecure Default Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T16:16:38.148Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25014"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps for Windows - Insecure Default Variable Initialization",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-27443",
"datePublished": "2025-04-08T16:16:38.148Z",
"dateReserved": "2025-02-25T18:35:04.401Z",
"dateUpdated": "2025-04-08T20:32:12.324Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42438 (GCVE-0-2024-42438)
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-16 20:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42438",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T20:04:49.519001Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T20:05:07.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:41:18.732Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42438",
"datePublished": "2024-08-14T16:41:18.732Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-16T20:05:07.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0145 (GCVE-0-2025-0145)
Vulnerability from cvelistv5
Published
2025-01-30 19:45
Modified
2025-01-30 21:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path
Summary
Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps for Windows |
Version: see references < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0145",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T21:23:14.886270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T21:23:22.776Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace Apps for Windows",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "see references",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-01-14T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eUntrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e"
}
],
"value": "Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T19:45:39.432Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25004/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps for Windows - Untrusted Search Path",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-0145",
"datePublished": "2025-01-30T19:45:39.432Z",
"dateReserved": "2024-12-23T21:42:54.089Z",
"dateUpdated": "2025-01-30T21:23:22.776Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24698 (GCVE-0-2024-24698)
Vulnerability from cvelistv5
Published
2024-02-13 23:56
Modified
2024-09-27 19:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Summary
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T15:30:17.531210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:32.245Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"iOS",
"Linux",
"Android"
],
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-02-13T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.\u003cbr\u003e"
}
],
"value": "Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-449",
"description": "CWE-449: The UI Performs the Wrong Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:28:28.333Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24005/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Clients - Improper Authentication",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-24698",
"datePublished": "2024-02-13T23:56:14.515Z",
"dateReserved": "2024-01-26T22:56:14.681Z",
"dateUpdated": "2024-09-27T19:28:28.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27241 (GCVE-0-2024-27241)
Vulnerability from cvelistv5
Published
2024-07-15 17:17
Modified
2024-08-02 00:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Apps and SDKs |
Version: See references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "virtual_desktop_infrastructure",
"vendor": "zoom",
"versions": [
{
"lessThan": "5.17.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_app",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:meeting_software_development_kit:-:*:*:*:*:linux:*:*",
"cpe:2.3:a:zoom:meeting_software_development_kit:-:*:*:*:*:macos:*:*",
"cpe:2.3:a:zoom:meeting_software_development_kit:-:*:*:*:*:windows:*:*",
"cpe:2.3:a:zoom:meeting_software_development_kit:-:*:*:*:*:android:*:*",
"cpe:2.3:a:zoom:meeting_software_development_kit:-:*:*:*:*:iphone_os:*:*"
],
"defaultStatus": "unknown",
"product": "meeting_software_development_kit",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:ipad_os:*:*",
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:macos:*:*",
"cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "rooms",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27241",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T15:26:41.393651Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T17:23:20.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24020"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Apps and SDKs",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"datePublic": "2024-07-09T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access."
}
],
"value": "Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T17:17:01.679Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24020"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Apps and SDKs - Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-27241",
"datePublished": "2024-07-15T17:17:01.679Z",
"dateReserved": "2024-02-21T21:15:32.632Z",
"dateUpdated": "2024-08-02T00:27:59.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24697 (GCVE-0-2024-24697)
Vulnerability from cvelistv5
Published
2024-02-13 23:53
Modified
2025-05-08 15:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path
Summary
Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: see references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24004/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24697",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-14T05:01:00.861312Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T15:34:41.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-02-13T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.\u003cbr\u003e"
}
],
"value": "Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-471",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-471 Search Order Hijacking"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T23:53:43.589Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24004/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Clients - Untrusted Search Path",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-24697",
"datePublished": "2024-02-13T23:53:43.589Z",
"dateReserved": "2024-01-26T22:56:14.681Z",
"dateUpdated": "2025-05-08T15:34:41.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27239 (GCVE-0-2024-27239)
Vulnerability from cvelistv5
Published
2025-02-25 20:33
Modified
2025-03-06 18:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-369 - Divide By Zero
Summary
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps and SDKs |
Version: See references < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T20:49:16.423350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T18:49:46.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS",
"Windows",
"iOS",
"Linux",
"Android"
],
"product": "Zoom Workplace Apps and SDKs",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "See references",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-06-11T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T20:33:42.787Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24018/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps and SDKs - Divide By Zero",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-27239",
"datePublished": "2025-02-25T20:33:42.787Z",
"dateReserved": "2024-02-21T21:15:32.632Z",
"dateUpdated": "2025-03-06T18:49:46.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43586 (GCVE-0-2023-43586)
Vulnerability from cvelistv5
Published
2023-12-13 22:17
Modified
2024-08-02 19:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path
Summary
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"datePublic": "2023-12-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access."
}
],
"value": "Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-13T22:17:48.264Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-43586",
"datePublished": "2023-12-13T22:17:48.264Z",
"dateReserved": "2023-09-19T22:05:40.665Z",
"dateUpdated": "2024-08-02T19:44:43.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42437 (GCVE-0-2024-42437)
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-14 17:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42437",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T17:34:09.873943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T17:44:29.139Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:41:12.866Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42437",
"datePublished": "2024-08-14T16:41:12.866Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-14T17:44:29.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30665 (GCVE-0-2025-30665)
Vulnerability from cvelistv5
Published
2025-05-14 17:35
Modified
2025-05-14 19:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps for Windows |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30665",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T18:01:35.450813Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T19:00:31.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace Apps for Windows",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2025-05-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.\u003cbr\u003e"
}
],
"value": "NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T17:35:06.968Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25018"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps for Windows - NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-30665",
"datePublished": "2025-05-14T17:35:06.968Z",
"dateReserved": "2025-03-24T22:35:25.475Z",
"dateUpdated": "2025-05-14T19:00:31.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0149 (GCVE-0-2025-0149)
Vulnerability from cvelistv5
Published
2025-03-11 17:04
Modified
2025-03-11 19:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Summary
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Apps |
Version: See references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T19:18:21.457582Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T19:18:34.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Apps",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"datePublic": "2025-03-11T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access."
}
],
"value": "Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T17:11:46.219Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25008/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Apps - Insufficient Verification of Data Authenticity",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-0149",
"datePublished": "2025-03-11T17:04:02.453Z",
"dateReserved": "2024-12-23T21:42:58.197Z",
"dateUpdated": "2025-03-11T19:18:34.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42441 (GCVE-0-2024-42441)
Vulnerability from cvelistv5
Published
2024-08-14 16:46
Modified
2024-08-16 13:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS |
Version: before version 6.1.5 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:macos_meeting_sdk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos_meeting_sdk",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:rooms:-:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "rooms",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42441",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T13:31:24.474262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T13:17:55.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "before version 6.1.5"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access."
}
],
"value": "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:46:17.936Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24034"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Improper Privilege Management",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42441",
"datePublished": "2024-08-14T16:46:17.936Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-16T13:17:55.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39824 (GCVE-0-2024-39824)
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-14 18:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39824",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T18:07:03.024733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T18:07:26.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:39:26.880Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39824",
"datePublished": "2024-08-14T16:39:26.880Z",
"dateReserved": "2024-06-28T19:43:03.519Z",
"dateUpdated": "2024-08-14T18:07:26.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49646 (GCVE-0-2023-49646)
Vulnerability from cvelistv5
Published
2023-12-13 22:19
Modified
2024-09-20 14:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Summary
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: See references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23062/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"datePublic": "2023-12-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access."
}
],
"value": "Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347 Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:53:41.733Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23062/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-49646",
"datePublished": "2023-12-13T22:19:26.963Z",
"dateReserved": "2023-11-28T18:18:33.930Z",
"dateUpdated": "2024-09-20T14:53:41.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0147 (GCVE-0-2025-0147)
Vulnerability from cvelistv5
Published
2025-01-30 19:49
Modified
2025-01-30 20:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Summary
Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace App for Linux |
Version: 0 < 6.2.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0147",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T20:08:31.183815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T20:08:44.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Zoom Workplace App for Linux",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"lessThan": "6.2.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-01-14T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eType confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e"
}
],
"value": "Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T19:49:00.792Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25006/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace App for Linux - Type Confusion",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-0147",
"datePublished": "2025-01-30T19:49:00.792Z",
"dateReserved": "2024-12-23T21:42:56.346Z",
"dateUpdated": "2025-01-30T20:08:44.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45424 (GCVE-0-2024-45424)
Vulnerability from cvelistv5
Published
2025-02-25 19:34
Modified
2025-02-25 19:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-840 - Business Logic Error ()
Summary
Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps |
Version: See references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45424",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T19:39:43.988523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T19:39:53.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"datePublic": "2024-09-10T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access."
}
],
"value": "Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "Business Logic Error (CWE-840)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T19:34:24.811Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24036/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps - Business Logic Error",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-45424",
"datePublished": "2025-02-25T19:34:24.811Z",
"dateReserved": "2024-08-28T21:50:25.333Z",
"dateUpdated": "2025-02-25T19:39:53.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42440 (GCVE-0-2024-42440)
Vulnerability from cvelistv5
Published
2024-08-14 16:44
Modified
2024-08-14 18:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS |
Version: before version 6.1.5 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:macos_meeting_sdk:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "macos_meeting_sdk",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "unaffected",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "unaffected",
"product": "rooms",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42440",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T17:58:35.327020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T18:06:25.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "before version 6.1.5"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access."
}
],
"value": "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:46:10.026Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24034"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Improper Privilege Management",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42440",
"datePublished": "2024-08-14T16:44:46.080Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-14T18:06:25.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0144 (GCVE-0-2025-0144)
Vulnerability from cvelistv5
Published
2025-01-30 19:44
Modified
2025-01-30 21:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps |
Version: see references < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T21:29:34.343068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T21:29:47.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"MacOS",
"Windows",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "see references",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-01-14T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eOut-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e"
}
],
"value": "Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T19:44:06.908Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25003/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps - Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-0144",
"datePublished": "2025-01-30T19:44:06.908Z",
"dateReserved": "2024-12-23T21:42:52.889Z",
"dateUpdated": "2025-01-30T21:29:47.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24690 (GCVE-0-2024-24690)
Vulnerability from cvelistv5
Published
2024-02-14 00:00
Modified
2024-09-20 14:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1284 - Improper Validation of Specified Quantity in Input
Summary
Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: see references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T18:16:12.891310Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T18:16:23.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"iOS",
"Linux",
"Android"
],
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-02-13T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.\u003cbr\u003e"
}
],
"value": "Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1284",
"description": "CWE-1284: Improper Validation of Specified Quantity in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:50:06.835Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Clients - Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-24690",
"datePublished": "2024-02-14T00:00:04.089Z",
"dateReserved": "2024-01-26T22:56:14.680Z",
"dateUpdated": "2024-09-20T14:50:06.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43583 (GCVE-0-2023-43583)
Vulnerability from cvelistv5
Published
2023-12-13 22:08
Modified
2024-09-19 13:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-798 - Use of Hard-coded Credentials
Summary
Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Mobile App for Android, Zoom Mobile App for iOS and Zoom SDK |
Version: before 5.16.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23056/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Android",
"iOS"
],
"product": "Zoom Mobile App for Android, Zoom Mobile App for iOS and Zoom SDK",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.16.0"
}
]
}
],
"datePublic": "2023-12-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access."
}
],
"value": "Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "CWE-798 Use of Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T13:55:21.591Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23056/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-43583",
"datePublished": "2023-12-13T22:08:42.326Z",
"dateReserved": "2023-09-19T22:05:40.665Z",
"dateUpdated": "2024-09-19T13:55:21.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45426 (GCVE-0-2024-45426)
Vulnerability from cvelistv5
Published
2025-02-25 19:39
Modified
2025-02-26 16:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-708 - Incorrect Ownership Assignment
Summary
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps |
Version: See references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45426",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:49:09.744526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:49:25.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"datePublic": "2024-10-08T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.\u003cbr\u003e"
}
],
"value": "Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "CWE-708: Incorrect Ownership Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T19:39:48.596Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24038/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps - Incorrect Ownership Assignment",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-45426",
"datePublished": "2025-02-25T19:39:48.596Z",
"dateReserved": "2024-08-28T21:50:25.333Z",
"dateUpdated": "2025-02-26T16:49:25.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45418 (GCVE-0-2024-45418)
Vulnerability from cvelistv5
Published
2025-02-25 19:52
Modified
2025-02-25 20:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Summary
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Apps for macOS |
Version: 0 < 6.1.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45418",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T20:07:02.751886Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T20:07:09.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Zoom Apps for macOS",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-11-12T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T19:52:25.471Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24040/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Apps for macOS - Symbolic Link Following",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-45418",
"datePublished": "2025-02-25T19:52:25.471Z",
"dateReserved": "2024-08-28T21:50:25.332Z",
"dateUpdated": "2025-02-25T20:07:09.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0150 (GCVE-0-2025-0150)
Vulnerability from cvelistv5
Published
2025-03-11 17:06
Modified
2025-03-11 18:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-696 - Incorrect Behavior Order
Summary
Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps for iOS |
Version: 0 < 6.3.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0150",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T18:46:54.754347Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T18:47:03.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"iOS"
],
"product": "Zoom Workplace Apps for iOS",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"lessThan": "6.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-03-11T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-696",
"description": "CWE-696: Incorrect Behavior Order",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T17:06:43.951Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25009/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps for iOS - Incorrect Behavior Order",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-0150",
"datePublished": "2025-03-11T17:06:43.951Z",
"dateReserved": "2024-12-23T21:42:59.174Z",
"dateUpdated": "2025-03-11T18:47:03.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30670 (GCVE-0-2025-30670)
Vulnerability from cvelistv5
Published
2025-04-08 16:20
Modified
2025-04-08 20:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps for Windows |
Version: See references. < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T20:19:39.676032Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:20:47.470Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace Apps for Windows",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "See references.",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-08T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.\u003cbr\u003e"
}
],
"value": "Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T16:20:54.607Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25015"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps for Windows - Null Pointer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-30670",
"datePublished": "2025-04-08T16:20:54.607Z",
"dateReserved": "2025-03-24T22:35:25.476Z",
"dateUpdated": "2025-04-08T20:20:47.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27246 (GCVE-0-2024-27246)
Vulnerability from cvelistv5
Published
2025-02-25 20:32
Modified
2025-02-25 21:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps and SDKs |
Version: See references < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27246",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T21:08:27.845194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T21:08:59.293Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS",
"Windows",
"iOS",
"Linux",
"Android"
],
"product": "Zoom Workplace Apps and SDKs",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "See references",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-06-11T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T20:32:33.638Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24017/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps and SDKs - Use After Free",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-27246",
"datePublished": "2025-02-25T20:32:33.638Z",
"dateReserved": "2024-02-21T21:15:32.633Z",
"dateUpdated": "2025-02-25T21:08:59.293Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39823 (GCVE-0-2024-39823)
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-14 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T17:24:09.496617Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T17:24:16.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:39:13.132Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39823",
"datePublished": "2024-08-14T16:39:13.132Z",
"dateReserved": "2024-06-28T19:43:03.519Z",
"dateUpdated": "2024-08-14T17:24:16.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49647 (GCVE-0-2023-49647)
Vulnerability from cvelistv5
Published
2024-01-12 21:44
Modified
2025-06-03 14:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-266 - Incorrect Privilege Assignment
Summary
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 |
Version: before 5.16.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49647",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:47:19.131957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:03:40.061Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.16.0"
}
]
}
],
"datePublic": "2024-01-09T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access."
}
],
"value": "Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266: Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:52:01.494Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Desktop Client for Windows - Improper Access Control",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-49647",
"datePublished": "2024-01-12T21:44:00.743Z",
"dateReserved": "2023-11-28T18:18:33.930Z",
"dateUpdated": "2025-06-03T14:03:40.061Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39822 (GCVE-0-2024-39822)
Vulnerability from cvelistv5
Published
2024-08-14 16:38
Modified
2024-08-16 19:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T19:18:36.184406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T19:18:44.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access."
}
],
"value": "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:38:03.416Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24029"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39822",
"datePublished": "2024-08-14T16:38:03.416Z",
"dateReserved": "2024-06-28T19:43:03.519Z",
"dateUpdated": "2024-08-16T19:18:44.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24691 (GCVE-0-2024-24691)
Vulnerability from cvelistv5
Published
2024-02-14 00:01
Modified
2025-05-12 15:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-176 - Improper Handling of Unicode Encoding
Summary
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows |
Version: see references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T15:45:19.688206Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T15:07:21.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-02-13T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.\u003cbr\u003e"
}
],
"value": "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-176",
"description": "CWE-176: Improper Handling of Unicode Encoding",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T14:48:21.535Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-24691",
"datePublished": "2024-02-14T00:01:30.884Z",
"dateReserved": "2024-01-26T22:56:14.680Z",
"dateUpdated": "2025-05-12T15:07:21.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45421 (GCVE-0-2024-45421)
Vulnerability from cvelistv5
Published
2025-02-25 19:55
Modified
2025-02-25 20:09
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Apps |
Version: See references < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45421",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T20:08:54.319536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T20:09:12.193Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS",
"Linux",
"Windows",
"iOS",
"Android"
],
"product": "Zoom Apps",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "See references",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-11-12T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.\u003cbr\u003e"
}
],
"value": "Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T19:55:02.666Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24043/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Apps - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-45421",
"datePublished": "2025-02-25T19:55:02.666Z",
"dateReserved": "2024-08-28T21:50:25.332Z",
"dateUpdated": "2025-02-25T20:09:12.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39215 (GCVE-0-2023-39215)
Vulnerability from cvelistv5
Published
2023-09-12 19:53
Modified
2024-09-27 19:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Summary
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Clients |
Version: see reference |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-39215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:56:51.859251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:21:22.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom Clients",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see reference"
}
]
}
],
"datePublic": "2023-09-12T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access."
}
],
"value": "Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-449",
"description": "CWE-449: The UI Performs the Wrong Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:08:23.362Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-39215",
"datePublished": "2023-09-12T19:53:25.817Z",
"dateReserved": "2023-07-25T18:38:00.938Z",
"dateUpdated": "2024-09-27T19:08:23.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42439 (GCVE-0-2024-42439)
Vulnerability from cvelistv5
Published
2024-08-14 16:42
Modified
2024-08-16 13:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path
Summary
Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS |
Version: before version 6.1.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42439",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T17:06:48.542376Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T13:18:48.409Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "before version 6.1.0"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access."
}
],
"value": "Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:42:48.215Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24032"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS - Untrusted Search Path",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42439",
"datePublished": "2024-08-14T16:42:48.215Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-16T13:18:48.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39819 (GCVE-0-2024-39819)
Vulnerability from cvelistv5
Published
2024-07-15 17:27
Modified
2024-08-13 13:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-269 - Improper Privilege Management
Summary
Improper privilege management in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps and SDK for Windows |
Version: see references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:zoom_rooms_app_for_windows:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zoom_rooms_app_for_windows",
"vendor": "zoom",
"versions": [
{
"lessThan": "5.17.13",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:zoom_meeting_sdk_for_windows:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "zoom_meeting_sdk_for_windows",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T15:02:09.278175Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:25:36.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24026"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace Apps and SDK for Windows",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-07-09T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper privilege management in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access."
}
],
"value": "Improper privilege management in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T17:27:41.216Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24026"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps and SDK for Windows - Improper Privilege Management",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39819",
"datePublished": "2024-07-15T17:27:41.216Z",
"dateReserved": "2024-06-28T19:43:03.519Z",
"dateUpdated": "2024-08-13T13:25:36.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45417 (GCVE-0-2024-45417)
Vulnerability from cvelistv5
Published
2025-02-25 19:49
Modified
2025-02-26 16:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-708 - Incorrect Ownership Assignment
Summary
Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Apps for macOS |
Version: 0 < 6.1.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45417",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:41:05.991990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:42:11.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Zoom Apps for macOS",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"lessThan": "6.1.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-11-12T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "CWE-708: Incorrect Ownership Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T19:49:22.296Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24039/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Apps for macOS - Uncontrolled Resource Consumption",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-45417",
"datePublished": "2025-02-25T19:49:22.296Z",
"dateReserved": "2024-08-28T21:50:25.332Z",
"dateUpdated": "2025-02-26T16:42:11.552Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0146 (GCVE-0-2025-0146)
Vulnerability from cvelistv5
Published
2025-01-30 19:47
Modified
2025-01-30 21:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Summary
Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace app for macOS |
Version: 0 < 6.2.10 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0146",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T21:22:34.395616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T21:22:42.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Zoom Workplace app for macOS",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"lessThan": "6.2.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-01-14T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eSymlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e"
}
],
"value": "Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T19:47:26.128Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25005/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace app for macOS - Symlink Following",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-0146",
"datePublished": "2025-01-30T19:47:26.128Z",
"dateReserved": "2024-12-23T21:42:55.340Z",
"dateUpdated": "2025-01-30T21:22:42.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45419 (GCVE-0-2024-45419)
Vulnerability from cvelistv5
Published
2024-11-19 19:28
Modified
2024-11-19 21:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-252 - Unchecked Return Value
Summary
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:zoom_meeting_sdk_for_windows:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "zoom_meeting_sdk_for_windows",
"vendor": "zoom",
"versions": [
{
"status": "affected",
"version": "6.2.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45419",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-19T21:43:54.392171Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T21:46:16.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-11-12T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access."
}
],
"value": "Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252 Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:28:48.335Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24041"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Apps - Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-45419",
"datePublished": "2024-11-19T19:28:48.335Z",
"dateReserved": "2024-08-28T21:50:25.332Z",
"dateUpdated": "2024-11-19T21:46:16.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42434 (GCVE-0-2024-42434)
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-15 13:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42434",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T13:36:35.542410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T13:36:48.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:39:38.167Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42434",
"datePublished": "2024-08-14T16:39:38.167Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-15T13:36:48.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27238 (GCVE-0-2024-27238)
Vulnerability from cvelistv5
Published
2024-07-15 17:20
Modified
2024-08-02 00:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Summary
Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Apps and SDKs |
Version: before version 6.0.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "rooms",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_desktop",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0.",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:meeting_sdk:*:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "meeting_sdk",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.0.0.",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27238",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T17:58:50.579577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T14:22:32.952Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:59.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24021"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Apps and SDKs",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "before version 6.0.0"
}
]
}
],
"datePublic": "2024-07-09T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access."
}
],
"value": "Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T17:20:39.157Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Apps and SDKs - Race Condition",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-27238",
"datePublished": "2024-07-15T17:20:39.157Z",
"dateReserved": "2024-02-21T21:15:32.631Z",
"dateUpdated": "2024-08-02T00:27:59.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42436 (GCVE-0-2024-42436)
Vulnerability from cvelistv5
Published
2024-08-14 16:41
Modified
2024-08-14 18:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42436",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T18:25:38.974048Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T18:25:52.686Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:41:03.844Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42436",
"datePublished": "2024-08-14T16:41:03.844Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-14T18:25:52.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45420 (GCVE-0-2024-45420)
Vulnerability from cvelistv5
Published
2024-11-19 19:32
Modified
2024-11-20 15:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45420",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:11:13.010896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T15:16:27.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-11-12T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eUncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:32:02.656Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24042"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Apps - Uncontrolled Resource Consumption",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-45420",
"datePublished": "2024-11-19T19:32:02.656Z",
"dateReserved": "2024-08-28T21:50:25.332Z",
"dateUpdated": "2024-11-20T15:16:27.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45422 (GCVE-0-2024-45422)
Vulnerability from cvelistv5
Published
2024-11-19 19:45
Modified
2024-11-20 15:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "workplace_app",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:zoom:meeting_sdk:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "meeting_sdk",
"vendor": "zoom",
"versions": [
{
"lessThan": "6.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45422",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:34:52.055891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T15:42:40.830Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-11-12T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access."
}
],
"value": "Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T19:45:25.914Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24044"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Apps - Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-45422",
"datePublished": "2024-11-19T19:45:25.914Z",
"dateReserved": "2024-08-28T21:50:25.332Z",
"dateUpdated": "2024-11-20T15:42:40.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45425 (GCVE-0-2024-45425)
Vulnerability from cvelistv5
Published
2025-02-25 19:38
Modified
2025-02-26 16:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-286 - Incorrect User Management
Summary
Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps |
Version: See references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45425",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T16:55:06.643915Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T16:57:20.637Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "See references"
}
]
}
],
"datePublic": "2024-09-10T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-286",
"description": "CWE-286 Incorrect User Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T19:38:02.925Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24037/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps - Incorrect User Management",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-45425",
"datePublished": "2025-02-25T19:38:02.925Z",
"dateReserved": "2024-08-28T21:50:25.333Z",
"dateUpdated": "2025-02-26T16:57:20.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39826 (GCVE-0-2024-39826)
Vulnerability from cvelistv5
Published
2024-07-15 17:24
Modified
2024-08-02 04:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Summary
Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps and SDKs |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T14:37:53.558967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T14:38:02.895Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.038Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace Apps and SDKs",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-07-09T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access."
}
],
"value": "Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T17:24:05.124Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24023"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps and SDKs - Path traversal",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-39826",
"datePublished": "2024-07-15T17:24:05.124Z",
"dateReserved": "2024-06-28T19:43:03.520Z",
"dateUpdated": "2024-08-02T04:26:16.038Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30666 (GCVE-0-2025-30666)
Vulnerability from cvelistv5
Published
2025-05-14 17:35
Modified
2025-05-14 19:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps for Windows |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30666",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T18:01:29.356909Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T19:00:27.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace Apps for Windows",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2025-05-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.\u003cbr\u003e"
}
],
"value": "NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T17:35:15.485Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25018"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps for Windows - NULL Pointer Dereference",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-30666",
"datePublished": "2025-05-14T17:35:15.485Z",
"dateReserved": "2025-03-24T22:35:25.475Z",
"dateUpdated": "2025-05-14T19:00:27.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43585 (GCVE-0-2023-43585)
Vulnerability from cvelistv5
Published
2023-12-13 22:15
Modified
2024-09-27 19:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-449 - The UI Performs the Wrong Action
Summary
Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Mobile App for iOS and SDKs for iOS |
Version: before 5.16.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:44:43.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23058/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"iOS"
],
"product": "Zoom Mobile App for iOS and SDKs for iOS",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.16.0"
}
]
}
],
"datePublic": "2023-12-12T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access."
}
],
"value": "Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-449",
"description": "CWE-449: The UI Performs the Wrong Action",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:16:27.688Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23058/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-43585",
"datePublished": "2023-12-13T22:15:58.457Z",
"dateReserved": "2023-09-19T22:05:40.665Z",
"dateUpdated": "2024-09-27T19:16:27.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-46785 (GCVE-0-2025-46785)
Vulnerability from cvelistv5
Published
2025-05-14 17:41
Modified
2025-05-14 19:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46785",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-14T17:54:10.661112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T19:00:08.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace Apps",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2025-05-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-14T17:41:06.374Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25021"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps for Windows - Buffer Over-read",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-46785",
"datePublished": "2025-05-14T17:41:06.374Z",
"dateReserved": "2025-04-29T21:24:03.394Z",
"dateUpdated": "2025-05-14T19:00:08.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-24695 (GCVE-0-2024-24695)
Vulnerability from cvelistv5
Published
2024-02-13 23:50
Modified
2025-04-10 18:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows |
Version: see references |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:11.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24002/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24695",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T18:54:56.173193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T18:55:17.333Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-02-13T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-13T23:50:22.837Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24002/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": " Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-24695",
"datePublished": "2024-02-13T23:50:22.837Z",
"dateReserved": "2024-01-26T22:56:14.681Z",
"dateUpdated": "2025-04-10T18:55:17.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42435 (GCVE-0-2024-42435)
Vulnerability from cvelistv5
Published
2024-08-14 16:39
Modified
2024-08-15 13:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications Inc. | Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers |
Version: see references |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T13:57:52.940338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T13:58:02.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android"
],
"product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
"vendor": "Zoom Communications Inc.",
"versions": [
{
"status": "affected",
"version": "see references"
}
]
}
],
"datePublic": "2024-08-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:39:46.183Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-42435",
"datePublished": "2024-08-14T16:39:46.183Z",
"dateReserved": "2024-08-01T19:13:16.137Z",
"dateUpdated": "2024-08-15T13:58:02.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30671 (GCVE-0-2025-30671)
Vulnerability from cvelistv5
Published
2025-04-08 16:21
Modified
2025-04-08 20:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps for Windows |
Version: See references. < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-30671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-08T20:13:46.501245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T20:14:04.268Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zoom Workplace Apps for Windows",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "See references.",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-08T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.\u003cbr\u003e"
}
],
"value": "Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-08T16:21:01.713Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25015"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps for Windows - Null Pointer",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-30671",
"datePublished": "2025-04-08T16:21:01.713Z",
"dateReserved": "2025-03-24T22:35:25.476Z",
"dateUpdated": "2025-04-08T20:14:04.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-39214 (GCVE-0-2023-39214)
Vulnerability from cvelistv5
Published
2023-08-08 21:38
Modified
2024-09-27 19:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-749 - Exposed Dangerous Method or Function
Summary
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom SDK's |
Version: before 5.15.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:02:06.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom SDK\u0027s",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.15.5"
}
]
}
],
"datePublic": "2023-08-08T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of sensitive information in Zoom Client SDK\u0027s before 5.15.5 may allow an authenticated user to enable a denial of service via network access."
}
],
"value": "Exposure of sensitive information in Zoom Client SDK\u0027s before 5.15.5 may allow an authenticated user to enable a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749: Exposed Dangerous Method or Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-27T19:07:24.020Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-39214",
"datePublished": "2023-08-08T21:38:25.554Z",
"dateReserved": "2023-07-25T18:38:00.938Z",
"dateUpdated": "2024-09-27T19:07:24.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-36533 (GCVE-0-2023-36533)
Vulnerability from cvelistv5
Published
2023-08-08 17:33
Modified
2024-10-04 15:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Summary
Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Video Communications, Inc. | Zoom SDK's |
Version: before 5.14.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:52:52.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-36533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-04T15:05:35.009380Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-04T15:05:48.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Zoom SDK\u0027s",
"vendor": "Zoom Video Communications, Inc.",
"versions": [
{
"status": "affected",
"version": "before 5.14.7"
}
]
}
],
"datePublic": "2023-08-08T15:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access."
}
],
"value": "Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T19:40:23.526Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2023-36533",
"datePublished": "2023-08-08T17:33:47.868Z",
"dateReserved": "2023-06-22T18:04:31.168Z",
"dateUpdated": "2024-10-04T15:05:48.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-27245 (GCVE-0-2024-27245)
Vulnerability from cvelistv5
Published
2025-02-25 20:31
Modified
2025-02-25 21:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps and SDKs |
Version: See references < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T21:08:10.777746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T21:08:19.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS",
"Windows",
"iOS",
"Linux",
"Android"
],
"product": "Zoom Workplace Apps and SDKs",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"status": "affected",
"version": "See references",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-06-11T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.\u003cbr\u003e"
}
],
"value": "Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T20:31:28.555Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24016/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps and SDKs - Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2024-27245",
"datePublished": "2025-02-25T20:31:28.555Z",
"dateReserved": "2024-02-21T21:15:32.633Z",
"dateUpdated": "2025-02-25T21:08:19.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0143 (GCVE-0-2025-0143)
Vulnerability from cvelistv5
Published
2025-01-30 19:42
Modified
2025-01-31 15:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zoom Communications, Inc | Zoom Workplace Apps for Linux |
Version: 0 < 6.2.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-31T15:38:27.534732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-31T15:38:36.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Zoom Workplace Apps for Linux",
"vendor": "Zoom Communications, Inc",
"versions": [
{
"lessThan": "6.2.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-01-14T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eOut-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access.\u003cbr\u003e\u003c/span\u003e\u003c/b\u003e"
}
],
"value": "Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T19:49:23.761Z",
"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"shortName": "Zoom"
},
"references": [
{
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25002/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Zoom Workplace Apps for Linux - Out-of-bounds Write",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
"assignerShortName": "Zoom",
"cveId": "CVE-2025-0143",
"datePublished": "2025-01-30T19:42:12.816Z",
"dateReserved": "2024-12-23T21:42:49.173Z",
"dateUpdated": "2025-01-31T15:38:36.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-08-08 18:15
Modified
2024-11-21 08:14
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "86D21EBF-FC1F-4F2F-B7AB-C3E0948D8593",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "75317D4C-FE2D-44D2-A094-87049A0A294D",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "8364764A-B13B-4CB4-8354-850EF5448BCB",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "CA2B704A-A3F0-440B-9A46-22083723AE06",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "56B8E455-A5D2-4050-BC22-0057CC241F21",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "F89E14EC-E5EF-4994-BA14-A867D28416D8",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C07A9F36-6B27-4DC0-8737-51C0A250791D",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "B64870D9-1253-4747-AE9D-650132EE60C4",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "69E77EA7-44E8-406B-A659-E6F5EC1C9271",
"versionEndExcluding": "5.14.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "49DC386E-7BE2-4B05-968E-640BDB451199",
"versionEndExcluding": "5.14.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Zoom SDK\u2019s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access."
}
],
"id": "CVE-2023-39217",
"lastModified": "2024-11-21T08:14:56.203",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-08T18:15:23.843",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-25 21:15
Modified
2025-08-20 16:10
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24016/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "6A316B51-D6F1-4F41-A970-CF0D924C6DB1",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "35EEC5E4-33B0-4907-A9AC-1DF19EFA155E",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "5154D297-6CC9-451C-A650-F377A03ACD23",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "231D14C8-FE5E-42CB-9DE7-8A9526879BE6",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "84AA4908-C729-4033-A536-2288EE6AD2A1",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "7873F707-9530-44FE-B131-89B0C7DA5E46",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "9CC375E1-4E35-4F9F-86CB-C428D610B10A",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "66948E12-ED01-44A2-B0B0-A2C8C643ACFB",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "8EE1E120-C0A7-4096-81A9-77F089C50938",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "B064B092-8701-4747-B23C-F37ECB8ED8A0",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "41B0A1F9-ADEA-4833-9F10-6E8A2120B7C1",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "3A87929D-F77A-42AC-8429-4E178D141729",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "ABB865D5-5913-48F7-A0CC-4AD9948B2506",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E99B4057-A36A-45CA-A44F-936032C13531",
"versionEndExcluding": "5.15.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "BD895266-BA2E-4A3D-81D5-6F10931F27C4",
"versionEndExcluding": "5.16.15",
"versionStartIncluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "79B517DA-F805-4735-AEB9-1197A484B44A",
"versionEndExcluding": "5.17.11",
"versionStartIncluding": "5.16.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer en algunas aplicaciones y SDK de Zoom Workplace puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-27245",
"lastModified": "2025-08-20T16:10:57.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-25T21:15:15.013",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24016/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-14 18:15
Modified
2025-08-05 13:43
Severity ?
Summary
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25018 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A3D5AD71-8BC5-4346-B8B2-1166AD0415FF",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "390D202B-A60A-411E-8A57-0AF1C2BB0497",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A117F0E2-8079-41C5-B619-D9059A3120E4",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "63C6EF40-B762-4FE8-83AA-D9D4600A5C92",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B4CF0315-8092-424B-9254-05FF6DDDA029",
"versionEndExcluding": "6.1.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "71A0CC0D-D415-46DB-B566-DB7C41A6E277",
"versionEndExcluding": "6.2.13",
"versionStartIncluding": "6.1.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D2276405-3395-4252-A140-06C9A9BDBCDB",
"versionEndExcluding": "6.3.10",
"versionStartIncluding": "6.2.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "La desreferencia de puntero NULL en algunas aplicaciones de Zoom Workplace para Windows puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2025-30666",
"lastModified": "2025-08-05T13:43:02.117",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
}
]
},
"published": "2025-05-14T18:15:30.447",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25018"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-04 17:36
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24039/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | video_software_development_kit | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "93A03433-CCF8-4E19-89B4-18368847FB8F",
"versionEndExcluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "66BFFFB3-351E-43CE-B005-D24AB48B9584",
"versionEndExcluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "9B503B69-9BC0-4B91-BED9-0F2B5ACC0EC4",
"versionEndExcluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF",
"versionEndExcluding": "6.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access."
},
{
"lang": "es",
"value": "El consumo descontrolado de recursos en el instalador de algunas aplicaciones de Zoom para macOS anteriores a la versi\u00f3n 6.1.5 puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-45417",
"lastModified": "2025-03-04T17:36:57.857",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-25T20:15:35.007",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24039/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-708"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-08 22:15
Modified
2024-11-21 08:14
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "C993CD54-5D54-4979-84A7-E1B6AC13391C",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "F20636D4-1E23-4703-9574-7E68DB9F6CF4",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D48D7F93-C36E-49EC-9767-EC9604750FE7",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"matchCriteriaId": "C7F7B4F1-B1C5-43FB-A41B-302675CE7DBD",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "6098D0DF-2760-44A3-88C3-F120EA4F9771",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "6ADE88B6-FFDF-40CF-A262-41906B97669C",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "0AE37FB8-AB87-4FCC-9D7A-375418FEE1A1",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "7DE837CD-CC55-4910-83B8-7295E544113A",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "16F58270-1E18-4FF9-BABA-895F7018D514",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "FB104E47-F37D-4B3D-8530-B87893D3AD90",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "CB71D63A-ECCB-4371-B1E3-25BF96E5D84E",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61B77771-BBE7-49A8-82C4-0DC27D3D0E97",
"versionEndExcluding": "5.15.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information in Zoom Client SDK\u0027s before 5.15.5 may allow an authenticated user to enable a denial of service via network access."
}
],
"id": "CVE-2023-39214",
"lastModified": "2024-11-21T08:14:55.807",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-08T22:15:10.737",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-749"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 00:15
Modified
2024-11-21 08:59
Severity ?
7.2 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "ED921F3E-F076-4037-BAE9-53BDC04F2A4C",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61CCEE1E-F3C0-41EB-8DF2-4D3EA8600166",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6C7B8981-66F8-4309-98C6-63B4665229EF",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9705C2B6-78E0-4C1A-B839-58639E7E6AED",
"versionEndExcluding": "5.16.2",
"versionStartExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "BD5E2981-940C-448D-8449-AD4CAB1651CA",
"versionEndExcluding": "5.17.5",
"versionStartExcluding": "5.16.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8ED34AF6-F5F5-45A1-8AF1-C85064789454",
"versionEndExcluding": "5.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.\n"
},
{
"lang": "es",
"value": "Una ruta de b\u00fasqueda que no es de confianza en algunos clientes Zoom de Windows de 32 bits puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-24697",
"lastModified": "2024-11-21T08:59:31.737",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T00:15:47.770",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24004/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-05 13:54
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24037/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "BAB2DBC4-95E2-47D1-A343-12A09D3E9D38",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "23B5BD12-AA42-47A8-9BC7-5F59B48160C9",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "F9BEC072-28D9-4F55-B47D-E7EF1298CA6F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "22369469-1A7D-4130-B5AE-E76F31405B94",
"versionEndExcluding": "6.1.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": "La gesti\u00f3n incorrecta de usuarios en algunas aplicaciones de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-45425",
"lastModified": "2025-03-05T13:54:29.030",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-25T20:15:35.753",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24037/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-286"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 00:15
Modified
2024-11-21 08:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "ED921F3E-F076-4037-BAE9-53BDC04F2A4C",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9D60A59A-2E09-48C6-82F6-995B7ADB330A",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6C7B8981-66F8-4309-98C6-63B4665229EF",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "FDCC89D1-EB4D-496D-82C6-B0BBA942286F",
"versionEndExcluding": "5.16.12",
"versionStartExcluding": "5.15.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "ECD4FC8B-5FB2-4667-B92F-26F2A951EE40",
"versionEndExcluding": "5.17.5",
"versionStartExcluding": "5.16.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "BA20AF82-C1DF-4C05-91ED-F5DC1A92C0A3",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "D5C425F2-9B12-4E3A-88CD-BD7AC0EEB0F6",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "5E7DB9AA-DB7D-4F3F-A7EA-A482F328F8AB",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "6E5232D6-0338-4FCC-AB49-39EA6B75B91D",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8ED34AF6-F5F5-45A1-8AF1-C85064789454",
"versionEndExcluding": "5.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access."
},
{
"lang": "es",
"value": "La autenticaci\u00f3n inadecuada en algunos clientes de Zoom puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-24698",
"lastModified": "2024-11-21T08:59:31.897",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T00:15:47.967",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24005/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-449"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 17:15
Modified
2025-08-01 19:11
Severity ?
Summary
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25015 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | rooms_controller | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_virtual_desktop_infrastructure | * | |
| zoom | workplace_virtual_desktop_infrastructure | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B33EFD2F-1F24-402A-891E-4C11D40B150E",
"versionEndExcluding": "6.3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "390D202B-A60A-411E-8A57-0AF1C2BB0497",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A117F0E2-8079-41C5-B619-D9059A3120E4",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "51A72376-A363-49F2-A68B-D03BD975BFF5",
"versionEndExcluding": "6.3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EBFBB899-04A6-4089-9BCD-A2DE4B748916",
"versionEndExcluding": "6.1.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "BD8A3DE0-D5D5-4B66-B7B2-8567EAA834BB",
"versionEndExcluding": "6.2.12",
"versionStartIncluding": "6.1.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "La desreferencia de puntero nulo en algunas aplicaciones de Zoom Workplace para Windows puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2025-30671",
"lastModified": "2025-08-01T19:11:04.940",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
}
]
},
"published": "2025-04-08T17:15:38.607",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25015"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:28
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24029 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms | * | |
| zoom | rooms_controller | * | |
| zoom | rooms_controller | * | |
| zoom | rooms_controller | * | |
| zoom | rooms_controller | * | |
| zoom | workplace | * | |
| zoom | workplace | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "3317B66C-1FBB-4F9C-BC87-8AE4A18D96EE",
"versionEndExcluding": "6.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "D300722C-BFDD-45B5-AA62-4ADE987B1B08",
"versionEndExcluding": "6.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "DDDA5ACF-B421-451F-997B-3A11CA39EAD8",
"versionEndExcluding": "6.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "F607299C-CA29-49AE-98E6-E26DF095D649",
"versionEndExcluding": "6.0.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E6290901-6547-4AAF-89D2-D95A8AF8FA4F",
"versionEndExcluding": "6.0.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": " La divulgaci\u00f3n de informaci\u00f3n confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-39822",
"lastModified": "2024-09-04T21:28:37.727",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:15.207",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24029"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-08 18:15
Modified
2024-11-21 08:09
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "A9D82780-92BD-436B-BB7E-F9C5F6E34FA6",
"versionEndExcluding": "5.14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "440DA9C2-5FF5-4D76-B123-2E3BA304538B",
"versionEndExcluding": "5.14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "8C294644-DF3F-4BE2-A07A-D74082F9D66A",
"versionEndExcluding": "5.14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "CCE1A3F9-2155-407A-8F35-9B543EB5CDD0",
"versionEndExcluding": "5.14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "0CE354FE-9AF5-43B8-8368-5F4884EFE303",
"versionEndExcluding": "5.14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "28292A81-F997-45CE-9E71-856B86069B70",
"versionEndExcluding": "5.14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "2BC978CC-E69B-4188-AF93-7AF6A1A7125D",
"versionEndExcluding": "5.14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E95C82D8-D362-452E-A51F-6FB1C96C1C4A",
"versionEndExcluding": "5.14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "3F6BCB1C-786B-44A4-97BB-DCF66C3E7C8A",
"versionEndExcluding": "5.14.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D651A99D-AE3C-452F-A93F-FAA83FA12C71",
"versionEndExcluding": "5.14.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access."
},
{
"lang": "es",
"value": "El consumo incontrolado de recursos en los SDK de Zoom anteriores a 5.14.7 puede permitir que un usuario no autenticado habilite una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2023-36533",
"lastModified": "2024-11-21T08:09:53.033",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-08T18:15:14.037",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-13 23:15
Modified
2024-11-21 08:24
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | virtual_desktop_infrastructure | * | |
| zoom | virtual_desktop_infrastructure | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B72243E4-AFF7-4A69-934A-1170A6EDAE0F",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F58AB464-C80F-4E2B-9F13-BE9B19E3B5BE",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D33A3D73-DB80-4376-A9EE-2905A4B0B4B7",
"versionEndExcluding": "5.14.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33411E35-8D01-42E4-85D6-0FE2C416E697",
"versionEndExcluding": "5.15.12",
"versionStartIncluding": "5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "19B08EB3-7EBF-416F-91B9-4600E47567F7",
"versionEndExcluding": "5.16.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access."
},
{
"lang": "es",
"value": "El path traversal en Zoom Desktop Client para Windows, Zoom VDI Client para Windows y Zoom SDK para Windows puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2023-43586",
"lastModified": "2024-11-21T08:24:26.853",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.8,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-13T23:15:07.660",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23059/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-04 17:36
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24040/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | video_software_development_kit | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "93A03433-CCF8-4E19-89B4-18368847FB8F",
"versionEndExcluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "66BFFFB3-351E-43CE-B005-D24AB48B9584",
"versionEndExcluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "9B503B69-9BC0-4B91-BED9-0F2B5ACC0EC4",
"versionEndExcluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF",
"versionEndExcluding": "6.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access."
},
{
"lang": "es",
"value": "El enlace simb\u00f3lico que sigue en el instalador de algunas aplicaciones de Zoom para macOS anteriores a la versi\u00f3n 6.1.5 puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-45418",
"lastModified": "2025-03-04T17:36:43.377",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-25T20:15:35.223",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24040/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-61"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-19 20:15
Modified
2025-08-19 14:22
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24041 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "FDAC7DED-7124-49DC-81FE-3A846C6FAC6B",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8E8DDD36-808D-4864-AA07-0760E4375FCA",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "49957FA5-35FF-40AC-B88E-A235FA00F639",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B02E0B95-F342-4D19-9C56-0ED458942E09",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6398CA4B-4E28-4004-A5AA-0FBFAC5D2D13",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "A3484384-C52C-41FF-91FC-5D0A2227CD83",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "05EFB308-185E-41CD-9E1F-A6EAB1BE3314",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "7AC5BD11-4FF8-4BEA-9151-75E165750703",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "8DF64BAE-8FB5-4FB1-AA60-F34DA38B7882",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "7C050E43-5F66-4F82-8725-6D4F86C2D7FC",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "78CF87EF-1F6A-4059-AA3F-C9EFAB6311E4",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "F7D73FAD-D117-46F1-A30F-B373103576BB",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "1615D4AC-42A1-4A37-80E8-DD312EF7D9D3",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "C11934B8-2EFA-4274-ADAD-53447B0BC972",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "70AEFFD5-918F-4046-9856-C665C2DEF4C4",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F18288EB-7820-4C47-A589-BF3DA06A75C0",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "39EF83F4-626A-43F1-9312-147F65B1EC5E",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "21D7D4E9-14DF-48CF-A9F9-A61408B59789",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "655AC669-B03B-4BDD-B578-F6F02FAD857E",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8A311271-1418-4E8C-90B5-960E37592BAE",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F401A8C2-F0DF-4EC9-B0C2-11D9EB1BED15",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "08CE31A1-63E5-4CCD-8588-CEB3B4B68A29",
"versionEndExcluding": "6.0.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C66DCB81-D040-4E51-AB22-58271A36A5DA",
"versionEndExcluding": "6.1.12",
"versionStartIncluding": "6.0.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en algunas aplicaciones de Zoom puede permitir que un usuario no autenticado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-45419",
"lastModified": "2025-08-19T14:22:03.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-19T20:15:30.973",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24041"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-252"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-08-29 00:01
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24031 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": " El desbordamiento del b\u00fafer en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-42438",
"lastModified": "2024-08-29T00:01:59.503",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:17.317",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-15 18:15
Modified
2025-08-05 13:39
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
Improper privilege management in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5C4A7AF1-011A-48EB-AE5F-8C8953CF8170",
"versionEndExcluding": "6.0.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "03374242-FB75-4D80-B535-6F69CFA0FC07",
"versionEndExcluding": "5.17.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9E925435-AAD4-4923-9D09-61D7906BC560",
"versionEndExcluding": "6.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access."
},
{
"lang": "es",
"value": "La gesti\u00f3n inadecuada de privilegios en el instalador de algunas aplicaciones de Zoom Workplace y SDK para Windows puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-39819",
"lastModified": "2025-08-05T13:39:36.587",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T18:15:04.407",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24026"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:39
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24031 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": " El desbordamiento del b\u00fafer en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-42437",
"lastModified": "2024-09-04T21:39:02.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:17.047",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-09-12 20:15
Modified
2024-11-21 08:14
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "7EAF85A9-32B3-4B5E-BA07-AC24AD522AC0",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0891B077-0FB0-4A77-B136-8076EFB8A6F7",
"versionEndExcluding": "5.14.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4EBADCC-5581-4079-A9CE-CB119D2FB616",
"versionEndExcluding": "5.15.4",
"versionStartIncluding": "5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "7DE837CD-CC55-4910-83B8-7295E544113A",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "16F58270-1E18-4FF9-BABA-895F7018D514",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "FB104E47-F37D-4B3D-8530-B87893D3AD90",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "CB71D63A-ECCB-4371-B1E3-25BF96E5D84E",
"versionEndExcluding": "5.15.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61B77771-BBE7-49A8-82C4-0DC27D3D0E97",
"versionEndExcluding": "5.15.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "Una autenticaci\u00f3n inadecuada en los clientes de Zoom puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red. "
}
],
"id": "CVE-2023-39215",
"lastModified": "2024-11-21T08:14:55.943",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-09-12T20:15:09.203",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-449"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-25 21:15
Modified
2025-08-20 16:10
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24017/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "6A316B51-D6F1-4F41-A970-CF0D924C6DB1",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "35EEC5E4-33B0-4907-A9AC-1DF19EFA155E",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "5154D297-6CC9-451C-A650-F377A03ACD23",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "231D14C8-FE5E-42CB-9DE7-8A9526879BE6",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "84AA4908-C729-4033-A536-2288EE6AD2A1",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "7873F707-9530-44FE-B131-89B0C7DA5E46",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "9CC375E1-4E35-4F9F-86CB-C428D610B10A",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "66948E12-ED01-44A2-B0B0-A2C8C643ACFB",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "8EE1E120-C0A7-4096-81A9-77F089C50938",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "B064B092-8701-4747-B23C-F37ECB8ED8A0",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "41B0A1F9-ADEA-4833-9F10-6E8A2120B7C1",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "3A87929D-F77A-42AC-8429-4E178D141729",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "ABB865D5-5913-48F7-A0CC-4AD9948B2506",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E99B4057-A36A-45CA-A44F-936032C13531",
"versionEndExcluding": "5.15.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "BD895266-BA2E-4A3D-81D5-6F10931F27C4",
"versionEndExcluding": "5.16.15",
"versionStartIncluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "79B517DA-F805-4735-AEB9-1197A484B44A",
"versionEndExcluding": "5.17.11",
"versionStartIncluding": "5.16.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "El use after free en algunas aplicaciones y SDK de Zoom Workplace puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-27246",
"lastModified": "2025-08-20T16:10:43.477",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-25T21:15:15.163",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24017/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:38
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24031 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": " El desbordamiento del b\u00fafer en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-42436",
"lastModified": "2024-09-04T21:38:05.587",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:16.790",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-08-28 23:59
Severity ?
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24034 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "93A03433-CCF8-4E19-89B4-18368847FB8F",
"versionEndExcluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "66BFFFB3-351E-43CE-B005-D24AB48B9584",
"versionEndExcluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF",
"versionEndExcluding": "6.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access."
},
{
"lang": "es",
"value": " La gesti\u00f3n inadecuada de privilegios en el instalador de la aplicaci\u00f3n de escritorio Zoom Workplace para macOS, Zoom Meeting SDK para macOS y Zoom Rooms Client para macOS anteriores a 6.1.5 puede permitir que un usuario privilegiado realice una escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-42440",
"lastModified": "2024-08-28T23:59:01.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:17.757",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24034"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-30 20:15
Modified
2025-07-31 19:43
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25002/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "3C4F07D8-FB5B-4C94-965B-EA8303E79B0F",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "6B97E992-19EB-4B47-A046-1C656E26349F",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "5ECF5B7E-9FEC-44AC-B122-E626F29A136D",
"versionEndExcluding": "6.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "Fuera de los l\u00edmites escrito en la aplicaci\u00f3n Zoom Workplace para Linux anterior a la versi\u00f3n 6.2.5 puede permitir que un usuario no autorizado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2025-0143",
"lastModified": "2025-07-31T19:43:09.920",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-30T20:15:34.050",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25002/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-30 20:15
Modified
2025-08-20 12:38
Severity ?
4.6 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25004/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A98C293E-D615-4807-B5D6-D3EACF6C2E5A",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5369DF52-B7F8-45BF-B431-747DFA54CF1E",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F57C8F45-FAE2-486D-83F4-0E938B62CBDB",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "1126B8E5-38A9-4E00-9103-6C4EFDE6D60C",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6FC0F189-0F60-4EAB-9C35-0A62F06BFAC4",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "645FDC99-C05E-4819-AA55-F9A80A98F567",
"versionEndExcluding": "6.0.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9E06D46C-AE61-4533-A8F7-6E6CA9830155",
"versionEndExcluding": "6.1.13",
"versionStartIncluding": "6.0.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access."
},
{
"lang": "es",
"value": "La ruta de b\u00fasqueda no confiable en el instalador de algunas aplicaciones de Zoom Workplace para Windows puede permitir que un usuario autorizado realice una escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2025-0145",
"lastModified": "2025-08-20T12:38:30.887",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 2.7,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-30T20:15:34.547",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25004/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-08-29 00:00
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24032 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local access."
},
{
"lang": "es",
"value": " Una ruta de b\u00fasqueda no confiable en el instalador de la aplicaci\u00f3n de escritorio Zoom Workplace para macOS y el SDK de Zoom Meeting para macOS anterior a 6.1.0 puede permitir que un usuario privilegiado lleve a cabo una escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-42439",
"lastModified": "2024-08-29T00:00:11.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:17.530",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24032"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-30 20:15
Modified
2025-08-01 01:25
Severity ?
3.9 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
5.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Summary
Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25005/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | rooms_controller | * | |
| zoom | video_software_development_kit | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "9626CBBF-7026-4D81-B9DA-19C51B6158AF",
"versionEndExcluding": "6.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8F50C67D-F5C5-4657-A412-543CDAA12044",
"versionEndExcluding": "6.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "FB0BAA8F-B484-464E-A272-791F05D027BA",
"versionEndExcluding": "6.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "FAC02888-2D6B-435D-9186-D11953AC680F",
"versionEndExcluding": "6.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "0DC82EFB-CE1A-42CF-85A1-8D92E50BE782",
"versionEndExcluding": "6.2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access."
},
{
"lang": "es",
"value": "El enlace simb\u00f3lico que sigue en el instalador de la aplicaci\u00f3n Zoom Workplace para macOS anterior a la versi\u00f3n 6.2.10 puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"id": "CVE-2025-0146",
"lastModified": "2025-08-01T01:25:11.140",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 2.5,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-30T20:15:34.907",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25005/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-19 20:15
Modified
2025-08-19 14:10
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24042 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "FDAC7DED-7124-49DC-81FE-3A846C6FAC6B",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8E8DDD36-808D-4864-AA07-0760E4375FCA",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "49957FA5-35FF-40AC-B88E-A235FA00F639",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B02E0B95-F342-4D19-9C56-0ED458942E09",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6398CA4B-4E28-4004-A5AA-0FBFAC5D2D13",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "A3484384-C52C-41FF-91FC-5D0A2227CD83",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "05EFB308-185E-41CD-9E1F-A6EAB1BE3314",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "7AC5BD11-4FF8-4BEA-9151-75E165750703",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "8DF64BAE-8FB5-4FB1-AA60-F34DA38B7882",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "7C050E43-5F66-4F82-8725-6D4F86C2D7FC",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "78CF87EF-1F6A-4059-AA3F-C9EFAB6311E4",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "0E9FA665-AB32-4140-91F9-57E2EA14D837",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "F7D73FAD-D117-46F1-A30F-B373103576BB",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "1615D4AC-42A1-4A37-80E8-DD312EF7D9D3",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "C11934B8-2EFA-4274-ADAD-53447B0BC972",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "70AEFFD5-918F-4046-9856-C665C2DEF4C4",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F18288EB-7820-4C47-A589-BF3DA06A75C0",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "39EF83F4-626A-43F1-9312-147F65B1EC5E",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "21D7D4E9-14DF-48CF-A9F9-A61408B59789",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "655AC669-B03B-4BDD-B578-F6F02FAD857E",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8A311271-1418-4E8C-90B5-960E37592BAE",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F401A8C2-F0DF-4EC9-B0C2-11D9EB1BED15",
"versionEndExcluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "El consumo descontrolado de recursos en algunas aplicaciones de Zoom anteriores a la versi\u00f3n 6.2.0 puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-45420",
"lastModified": "2025-08-19T14:10:52.250",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-19T20:15:31.200",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24042"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 17:15
Modified
2025-08-01 19:02
Severity ?
2.8 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25014 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | rooms_controller | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B33EFD2F-1F24-402A-891E-4C11D40B150E",
"versionEndExcluding": "6.3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "390D202B-A60A-411E-8A57-0AF1C2BB0497",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A117F0E2-8079-41C5-B619-D9059A3120E4",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "51A72376-A363-49F2-A68B-D03BD975BFF5",
"versionEndExcluding": "6.3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access."
},
{
"lang": "es",
"value": "La inicializaci\u00f3n insegura de variables predeterminadas en algunas aplicaciones de Zoom Workplace para Windows puede permitir que un usuario autenticado realice una p\u00e9rdida de integridad a trav\u00e9s del acceso local."
}
],
"id": "CVE-2025-27443",
"lastModified": "2025-08-01T19:02:03.573",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-04-08T17:15:38.113",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25014"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1188"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-14 18:15
Modified
2025-08-19 19:14
Severity ?
Summary
Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25021 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A3D5AD71-8BC5-4346-B8B2-1166AD0415FF",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "390D202B-A60A-411E-8A57-0AF1C2BB0497",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A117F0E2-8079-41C5-B619-D9059A3120E4",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "63C6EF40-B762-4FE8-83AA-D9D4600A5C92",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B4CF0315-8092-424B-9254-05FF6DDDA029",
"versionEndExcluding": "6.1.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "71A0CC0D-D415-46DB-B566-DB7C41A6E277",
"versionEndExcluding": "6.2.13",
"versionStartIncluding": "6.1.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D2276405-3395-4252-A140-06C9A9BDBCDB",
"versionEndExcluding": "6.3.10",
"versionStartIncluding": "6.2.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "La sobrelectura del b\u00fafer en algunas aplicaciones de Zoom Workplace para Windows puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2025-46785",
"lastModified": "2025-08-19T19:14:44.837",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
}
]
},
"published": "2025-05-14T18:15:31.080",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25021"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-05 13:53
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24036/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "BAB2DBC4-95E2-47D1-A343-12A09D3E9D38",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "23B5BD12-AA42-47A8-9BC7-5F59B48160C9",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "22369469-1A7D-4130-B5AE-E76F31405B94",
"versionEndExcluding": "6.1.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access."
},
{
"lang": "es",
"value": "Un error de l\u00f3gica empresarial en algunas aplicaciones de Zoom Workplace puede permitir que un usuario no autenticado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-45424",
"lastModified": "2025-03-05T13:53:53.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-25T20:15:35.570",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24036/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-840"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:30
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": " La divulgaci\u00f3n de informaci\u00f3n confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-39823",
"lastModified": "2024-09-04T21:30:22.210",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:15.437",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-25 21:15
Modified
2025-08-20 16:11
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24018/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "6A316B51-D6F1-4F41-A970-CF0D924C6DB1",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "35EEC5E4-33B0-4907-A9AC-1DF19EFA155E",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "5154D297-6CC9-451C-A650-F377A03ACD23",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "231D14C8-FE5E-42CB-9DE7-8A9526879BE6",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "84AA4908-C729-4033-A536-2288EE6AD2A1",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "7873F707-9530-44FE-B131-89B0C7DA5E46",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "9CC375E1-4E35-4F9F-86CB-C428D610B10A",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "66948E12-ED01-44A2-B0B0-A2C8C643ACFB",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "8EE1E120-C0A7-4096-81A9-77F089C50938",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "B064B092-8701-4747-B23C-F37ECB8ED8A0",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "41B0A1F9-ADEA-4833-9F10-6E8A2120B7C1",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "3A87929D-F77A-42AC-8429-4E178D141729",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "ABB865D5-5913-48F7-A0CC-4AD9948B2506",
"versionEndExcluding": "5.17.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E99B4057-A36A-45CA-A44F-936032C13531",
"versionEndExcluding": "5.15.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "BD895266-BA2E-4A3D-81D5-6F10931F27C4",
"versionEndExcluding": "5.16.15",
"versionStartIncluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "79B517DA-F805-4735-AEB9-1197A484B44A",
"versionEndExcluding": "5.17.11",
"versionStartIncluding": "5.16.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "El use after free en algunas aplicaciones y SDK de Zoom Workplace puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-27239",
"lastModified": "2025-08-20T16:11:09.437",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-25T21:15:14.863",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24018/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-369"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:32
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": " La divulgaci\u00f3n de informaci\u00f3n confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-39824",
"lastModified": "2024-09-04T21:32:02.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:15.670",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-11 17:16
Modified
2025-08-19 17:38
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25008/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "9191AC13-CDC6-48BF-8B62-9CA5F72A2706",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "FE1DAB56-3382-4E45-9D61-7E276557D71E",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "7378AF1D-B12A-476A-9527-4D262D80BA7D",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "2488A629-30E3-4CE9-B1F3-48F5203D9102",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8136B6EB-805D-4865-BD5B-295BA9A3A543",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:android:*:*",
"matchCriteriaId": "1D7B662F-B35F-478C-AD72-893452D74889",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "BA154904-1652-44E4-9774-BB3CA24CF36A",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "D38173A1-A81B-426A-B95D-0C6C8C9A8F50",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "ADD42918-19C1-433F-AECB-058DD39C7F02",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "FCB88131-CF4E-4A53-91A7-8C1652D6DEDB",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "705F16F1-689B-49EA-B8F2-050125BBF360",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "0A987B22-C916-4211-A798-F114C5B6D31C",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E3E1781F-76DF-40A8-BFD6-053B17515844",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "9E391F06-867A-4C1F-80E6-BE6CCD857D36",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "4D7BED23-44F1-44C6-B49F-BBD05659D671",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "D0860894-FA98-41A0-94B3-94FE597A5309",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "4C6F7418-E694-47EA-B3B5-2A4F62D5F514",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6A14D9E5-5AC3-4C24-B43D-4208B364F747",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8465466C-CA25-4802-9C9E-BBD6C10F204E",
"versionEndExcluding": "6.1.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "0E05E850-A15D-49A1-8632-ADA4B79E326B",
"versionEndExcluding": "6.2.10",
"versionStartIncluding": "6.1.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "La verificaci\u00f3n insuficiente de la autenticidad de los datos en algunas aplicaciones de Zoom Workplace puede permitir que un usuario sin privilegios realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2025-0149",
"lastModified": "2025-08-19T17:38:05.023",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-11T17:16:17.523",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25008/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-15 18:15
Modified
2025-08-05 13:41
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "375EBA91-042F-4F60-9E4E-48E3E13D6C6C",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "66948E12-ED01-44A2-B0B0-A2C8C643ACFB",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C0CD4E04-F0AA-4BBA-90F7-4C350834177F",
"versionEndExcluding": "6.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access."
},
{
"lang": "es",
"value": "La condici\u00f3n de ejecuci\u00f3n en el instalador de algunas aplicaciones de Zoom y SDK para Windows anteriores a la versi\u00f3n 6.0.0 puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-27238",
"lastModified": "2025-08-05T13:41:14.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T18:15:03.633",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24021"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24021"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-08-28 23:58
Severity ?
6.2 (Medium) - CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24034 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "93A03433-CCF8-4E19-89B4-18368847FB8F",
"versionEndExcluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "66BFFFB3-351E-43CE-B005-D24AB48B9584",
"versionEndExcluding": "6.1.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "627C5DC4-6AD9-4323-BBEA-4AB6557A29BF",
"versionEndExcluding": "6.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access."
},
{
"lang": "es",
"value": " La gesti\u00f3n inadecuada de privilegios en el instalador de la aplicaci\u00f3n de escritorio Zoom Workplace para macOS, Zoom Meeting SDK para macOS y Zoom Rooms Client para macOS anteriores a 6.1.5 puede permitir que un usuario privilegiado realice una escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-42441",
"lastModified": "2024-08-28T23:58:06.960",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:17.990",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24034"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-13 23:15
Modified
2024-11-21 08:24
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | meeting_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | zoom | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "E725B855-C1FD-40B0-B5DD-164CB83D0F53",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "D09B037A-A36E-480E-A180-A2FDBB0CE130",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "76ECB323-FA2E-4C2C-9949-40A068BB46C1",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8BB16085-BEA2-4FCF-AA22-F6DD44A2E8DF",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "A454D523-527C-4910-8474-EB4CDFFE7BF6",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "BE96C026-8B39-4509-BA4F-AC224918DC8F",
"versionEndExcluding": "5.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access."
},
{
"lang": "es",
"value": "Los problemas criptogr\u00e1ficos de la aplicaci\u00f3n Zoom Mobile para Android, la aplicaci\u00f3n Zoom Mobile para iOS y los SDK de Zoom para Android e iOS anteriores a la versi\u00f3n 5.16.0 pueden permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2023-43583",
"lastModified": "2024-11-21T08:24:26.607",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-13T23:15:07.270",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23056/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23056/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-15 18:15
Modified
2025-08-20 15:49
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "4FE249DD-4786-4186-8721-E8288E183FC7",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "E3E8D1B7-BC2F-4F87-94D8-0B84AD84BEA9",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "469E0AFF-56F3-4954-9F00-E9CD1219B46D",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "814ED344-EEDB-4DFD-B8CD-7375AE5C2892",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "375EBA91-042F-4F60-9E4E-48E3E13D6C6C",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "7873F707-9530-44FE-B131-89B0C7DA5E46",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "9CC375E1-4E35-4F9F-86CB-C428D610B10A",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "66948E12-ED01-44A2-B0B0-A2C8C643ACFB",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "E912DE5E-BF3D-4E73-B302-BB106AFA733D",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "E3E50584-63DB-4C50-949B-D79212E331DB",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "C12B253E-09FA-443A-8B05-95C7F988D733",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "F330E04D-D575-4AD1-BB0E-BA6C3F647BCC",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C0CD4E04-F0AA-4BBA-90F7-4C350834177F",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9865654B-CA09-4D71-AA0B-9546860AA9FC",
"versionEndExcluding": "5.17.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en algunas aplicaciones y SDK de Zoom puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-27241",
"lastModified": "2025-08-20T15:49:24.087",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-07-15T18:15:04.087",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24020"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-07-15 18:15
Modified
2025-08-05 13:44
Severity ?
Summary
Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_virtual_desktop_infrastructure | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "375EBA91-042F-4F60-9E4E-48E3E13D6C6C",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "C0CD4E04-F0AA-4BBA-90F7-4C350834177F",
"versionEndExcluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9865654B-CA09-4D71-AA0B-9546860AA9FC",
"versionEndExcluding": "5.17.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access."
},
{
"lang": "es",
"value": "El path traversal en Team Chat para algunas aplicaciones Zoom Workplace y SDK para Windows puede permitir que un usuario autenticado realice la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-39826",
"lastModified": "2025-08-05T13:44:47.913",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "security@zoom.us",
"type": "Secondary"
}
]
},
"published": "2024-07-15T18:15:05.033",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24023"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:35
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": " La divulgaci\u00f3n de informaci\u00f3n confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-42434",
"lastModified": "2024-09-04T21:35:50.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:16.270",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-15 21:15
Modified
2025-08-21 16:24
Severity ?
Summary
Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "12E5BC5A-47D8-44D6-9A05-EF9786D5754B",
"versionEndExcluding": "5.17.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "701C451F-13CB-478A-B1E8-D080C19533C5",
"versionEndExcluding": "15.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "B34426D5-A7CA-4343-912A-0C230CDAE928",
"versionEndExcluding": "15.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "E7A7B4A9-6672-4662-B9A1-13ED7788A818",
"versionEndExcluding": "15.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "9A444453-3819-465D-9F81-9193243B9BF3",
"versionEndExcluding": "15.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6B8231EB-203C-4283-B858-412B21799E1A",
"versionEndExcluding": "5.15.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A50BE405-B568-479B-B4C2-7F2AAE8DFBDA",
"versionEndExcluding": "5.16.15",
"versionStartIncluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "7A99D7C5-5CFF-4B16-856E-3E96D93BA42F",
"versionEndExcluding": "5.17.5",
"versionStartIncluding": "5.16.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "53F4EB02-216B-41FC-BF05-4F28DBC41C0A",
"versionEndExcluding": "5.7.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C9E0BD65-CAAE-4589-811C-4ACE63F3CC6A",
"versionEndExcluding": "5.17.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "958B7AE9-3CDD-47AB-9CDB-469FD0AE3AB1",
"versionEndExcluding": "5.17.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "193F2AFB-4C6A-457D-BA62-549742853649",
"versionEndExcluding": "5.17.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "2B03AF4F-6B99-4B0A-92E0-A72A063131D6",
"versionEndExcluding": "5.17.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom Workplace Apps and SDK\u2019s may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer en algunas aplicaciones y SDK de Zoom Workplace puede permitir que un usuario autenticado lleve a cabo una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-27243",
"lastModified": "2025-08-21T16:24:31.327",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
}
]
},
"published": "2024-05-15T21:15:07.987",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24014/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24014/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-08-14 17:15
Modified
2024-09-04 21:36
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24030 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CCF91C03-5DC9-4AC5-AB5F-36708AD86A97",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8629FE9D-2BFF-44F5-8E66-2702BD92E2E5",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "9A8F4501-FF62-4C1B-9232-875D6B09B509",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "30C8F150-F275-423E-818C-B15B929FA006",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "603C3411-C4F4-4451-BA4B-C463EC11C707",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "2C19D307-3FE4-40A2-BEE6-C04B71597D50",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "29182D36-6FB9-4340-A6B9-F6F81FE57443",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "E725630A-E7C2-4C15-BFFA-50EE34D3EE68",
"versionEndExcluding": "5.17.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "61AC2191-2286-4328-9E4E-2C78E1D37734",
"versionEndExcluding": "6.0.11",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": " La divulgaci\u00f3n de informaci\u00f3n confidencial en algunas aplicaciones, SDK, clientes de salas y controladores de salas de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-42435",
"lastModified": "2024-09-04T21:36:53.027",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-14T17:15:16.510",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-12 22:15
Modified
2024-11-21 08:33
Severity ?
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | zoom | * | |
| zoom | virtual_desktop_infrastructure | * | |
| zoom | virtual_desktop_infrastructure | * | |
| zoom | virtual_desktop_infrastructure | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6283C30D-420E-4A6F-B4C3-A67923467553",
"versionEndExcluding": "5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "ACB8BA0C-2FE3-4AB2-8C43-1035A95408E1",
"versionEndExcluding": "5.16.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EE4453C1-144A-4101-935E-966676895835",
"versionEndExcluding": "5.16.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D33A3D73-DB80-4376-A9EE-2905A4B0B4B7",
"versionEndExcluding": "5.14.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33411E35-8D01-42E4-85D6-0FE2C416E697",
"versionEndExcluding": "5.15.12",
"versionStartIncluding": "5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1865DF2E-65D2-4DEF-BFC5-5AC333AFF759",
"versionEndExcluding": "5.16.10",
"versionStartIncluding": "5.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access."
},
{
"lang": "es",
"value": "Un control de acceso inadecuado en Zoom Desktop Client para Windows, Zoom VDI Client para Windows y Zoom SDK para Windows anteriores a la versi\u00f3n 5.16.10 puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2023-49647",
"lastModified": "2024-11-21T08:33:39.630",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-12T22:15:45.130",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-13 23:15
Modified
2024-11-21 08:24
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | meeting_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "E725B855-C1FD-40B0-B5DD-164CB83D0F53",
"versionEndExcluding": "5.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "921ABABB-33A6-4B83-844B-236C549B48CF",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "0141CCFA-C930-4649-8894-4B093AE63848",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C2BF4129-CA54-4ECB-9A6B-EC28445233DF",
"versionEndExcluding": "5.16.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access."
},
{
"lang": "es",
"value": "Un control de acceso inadecuado en la aplicaci\u00f3n Zoom Mobile para iOS y los SDK de Zoom para iOS anteriores a la versi\u00f3n 5.16.5 puede permitir que un usuario autenticado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2023-43585",
"lastModified": "2024-11-21T08:24:26.730",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-13T23:15:07.463",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23058/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23058/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-449"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 00:15
Modified
2024-11-21 08:59
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "ED921F3E-F076-4037-BAE9-53BDC04F2A4C",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B91935BE-F245-4ADD-A206-D318618BAA1D",
"versionEndExcluding": "5.15.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "FDCC89D1-EB4D-496D-82C6-B0BBA942286F",
"versionEndExcluding": "5.16.12",
"versionStartExcluding": "5.15.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "19A21230-8A49-434E-840A-2FB9096B0370",
"versionEndExcluding": "5.17.0",
"versionStartExcluding": "5.16.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8ED34AF6-F5F5-45A1-8AF1-C85064789454",
"versionEndExcluding": "5.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.\n\n"
},
{
"lang": "es",
"value": "Una validaci\u00f3n de entrada incorrecta en Zoom Desktop Client para Windows, Zoom VDI Client para Windows y Zoom Meeting SDK para Windows puede permitir que un usuario autenticado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-24696",
"lastModified": "2024-11-21T08:59:31.570",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T00:15:47.583",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24003/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 00:15
Modified
2024-11-21 08:59
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B72243E4-AFF7-4A69-934A-1170A6EDAE0F",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B91935BE-F245-4ADD-A206-D318618BAA1D",
"versionEndExcluding": "5.15.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "FDCC89D1-EB4D-496D-82C6-B0BBA942286F",
"versionEndExcluding": "5.16.12",
"versionStartExcluding": "5.15.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "ECD4FC8B-5FB2-4667-B92F-26F2A951EE40",
"versionEndExcluding": "5.17.5",
"versionStartExcluding": "5.16.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "19B08EB3-7EBF-416F-91B9-4600E47567F7",
"versionEndExcluding": "5.16.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.\n\n"
},
{
"lang": "es",
"value": "Una validaci\u00f3n de entrada incorrecta en Zoom Desktop Client para Windows, Zoom VDI Client para Windows y Zoom Meeting SDK para Windows puede permitir que un usuario autenticado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-24695",
"lastModified": "2024-11-21T08:59:31.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T00:15:47.393",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24002/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 00:15
Modified
2024-11-21 08:59
Severity ?
9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B72243E4-AFF7-4A69-934A-1170A6EDAE0F",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9D60A59A-2E09-48C6-82F6-995B7ADB330A",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "DEC61EA8-8A9D-4E36-9B46-2B45ED1C5DB8",
"versionEndExcluding": "5.14.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "390DFFB5-7BEA-41F2-B2E1-F0FED3766C1E",
"versionEndExcluding": "5.15.12",
"versionStartExcluding": "5.14.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8B90CC0C-8000-44E1-8AA1-5E67081ECD2E",
"versionEndExcluding": "5.16.10",
"versionStartExcluding": "5.15.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "19B08EB3-7EBF-416F-91B9-4600E47567F7",
"versionEndExcluding": "5.16.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access."
},
{
"lang": "es",
"value": "Una validaci\u00f3n de entrada incorrecta en Zoom Desktop Client para Windows, Zoom VDI Client para Windows y Zoom Meeting SDK para Windows puede permitir que un usuario no autenticado realice una escalada de privilegios a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-24691",
"lastModified": "2024-11-21T08:59:30.850",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T00:15:47.200",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-176"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-11-19 20:15
Modified
2025-08-19 14:08
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24044 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "FDAC7DED-7124-49DC-81FE-3A846C6FAC6B",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8E8DDD36-808D-4864-AA07-0760E4375FCA",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "49957FA5-35FF-40AC-B88E-A235FA00F639",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B02E0B95-F342-4D19-9C56-0ED458942E09",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6398CA4B-4E28-4004-A5AA-0FBFAC5D2D13",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "A3484384-C52C-41FF-91FC-5D0A2227CD83",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "05EFB308-185E-41CD-9E1F-A6EAB1BE3314",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "7AC5BD11-4FF8-4BEA-9151-75E165750703",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "8DF64BAE-8FB5-4FB1-AA60-F34DA38B7882",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "7C050E43-5F66-4F82-8725-6D4F86C2D7FC",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "78CF87EF-1F6A-4059-AA3F-C9EFAB6311E4",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "0E9FA665-AB32-4140-91F9-57E2EA14D837",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "F7D73FAD-D117-46F1-A30F-B373103576BB",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "1615D4AC-42A1-4A37-80E8-DD312EF7D9D3",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "C11934B8-2EFA-4274-ADAD-53447B0BC972",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "70AEFFD5-918F-4046-9856-C665C2DEF4C4",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F18288EB-7820-4C47-A589-BF3DA06A75C0",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "39EF83F4-626A-43F1-9312-147F65B1EC5E",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "21D7D4E9-14DF-48CF-A9F9-A61408B59789",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "655AC669-B03B-4BDD-B578-F6F02FAD857E",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8A311271-1418-4E8C-90B5-960E37592BAE",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F401A8C2-F0DF-4EC9-B0C2-11D9EB1BED15",
"versionEndExcluding": "6.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en algunas aplicaciones de Zoom anteriores a la versi\u00f3n 6.2.0 puede permitir que un usuario no autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-45422",
"lastModified": "2025-08-19T14:08:46.097",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-19T20:15:31.430",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24044"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-30 20:15
Modified
2025-08-01 01:21
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25006/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | workplace_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "DF6F723D-B652-46B7-AD8F-A5FAAC477697",
"versionEndExcluding": "6.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "9B31C8CD-3CBD-4AB1-87CB-11E66696BB84",
"versionEndExcluding": "6.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "C7700D44-685C-4F73-B4E2-3C81765FFE1F",
"versionEndExcluding": "6.2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access."
},
{
"lang": "es",
"value": "La confusi\u00f3n de tipos en la aplicaci\u00f3n Zoom Workplace para Linux anterior a la versi\u00f3n 6.2.10 puede permitir que un usuario autorizado realice una escalada de privilegios a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2025-0147",
"lastModified": "2025-08-01T01:21:38.710",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-30T20:15:35.253",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25006/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-843"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-05 13:53
Severity ?
8.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24043/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "FDAC7DED-7124-49DC-81FE-3A846C6FAC6B",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8E8DDD36-808D-4864-AA07-0760E4375FCA",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "49957FA5-35FF-40AC-B88E-A235FA00F639",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B02E0B95-F342-4D19-9C56-0ED458942E09",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6398CA4B-4E28-4004-A5AA-0FBFAC5D2D13",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "0F555E18-C547-493A-A3C6-85D42B75C5C0",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "05EFB308-185E-41CD-9E1F-A6EAB1BE3314",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "7AC5BD11-4FF8-4BEA-9151-75E165750703",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "8DF64BAE-8FB5-4FB1-AA60-F34DA38B7882",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "7C050E43-5F66-4F82-8725-6D4F86C2D7FC",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "78CF87EF-1F6A-4059-AA3F-C9EFAB6311E4",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "0E9FA665-AB32-4140-91F9-57E2EA14D837",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "F7D73FAD-D117-46F1-A30F-B373103576BB",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "1615D4AC-42A1-4A37-80E8-DD312EF7D9D3",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "C11934B8-2EFA-4274-ADAD-53447B0BC972",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "70AEFFD5-918F-4046-9856-C665C2DEF4C4",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F18288EB-7820-4C47-A589-BF3DA06A75C0",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "39EF83F4-626A-43F1-9312-147F65B1EC5E",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "21D7D4E9-14DF-48CF-A9F9-A61408B59789",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "655AC669-B03B-4BDD-B578-F6F02FAD857E",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "8A311271-1418-4E8C-90B5-960E37592BAE",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F401A8C2-F0DF-4EC9-B0C2-11D9EB1BED15",
"versionEndExcluding": "6.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A8EE3AB9-DE5E-4141-9974-C735AEEF1DF0",
"versionEndExcluding": "6.1.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access."
},
{
"lang": "es",
"value": "El desbordamiento del b\u00fafer en algunas aplicaciones de Zoom puede permitir que un usuario autenticado realice una escalada de privilegios a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-45421",
"lastModified": "2025-03-05T13:53:35.033",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-25T20:15:35.400",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24043/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-30 20:15
Modified
2025-08-20 12:36
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25003/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "24C34BE7-5D76-4269-BA59-A3F1D92AB89C",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "0FDB317B-3796-4462-99FE-4F8EA64A2B21",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "3C4F07D8-FB5B-4C94-965B-EA8303E79B0F",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "4B61C9F0-CDD7-4843-A95B-35BB013EA52E",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A98C293E-D615-4807-B5D6-D3EACF6C2E5A",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipados:*:*",
"matchCriteriaId": "031A7405-7D8F-4C3C-A03C-9DB330BB8D7D",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B74B66FB-1F90-4922-AEE8-85E07FC1D604",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "5369DF52-B7F8-45BF-B431-747DFA54CF1E",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:android:*:*",
"matchCriteriaId": "758E029E-C3E3-4F81-B916-63EEF2B52100",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "80F51FE1-8F38-4623-90C0-1A5A3F674102",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "89C3A3DC-84C0-467C-8F34-C63A497773B3",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F57C8F45-FAE2-486D-83F4-0E938B62CBDB",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:android:*:*",
"matchCriteriaId": "7CC34BFF-968F-4084-B381-D537295DD43B",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "0BD54A14-0E43-45C7-9A06-F566A01A88B5",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "6B97E992-19EB-4B47-A046-1C656E26349F",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "697C24CB-BEF7-4305-A255-2E552F7D9012",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "1126B8E5-38A9-4E00-9103-6C4EFDE6D60C",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:android:*:*",
"matchCriteriaId": "9C0D8576-B9C5-4597-B41C-33369B3B574D",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "DBBD2007-4200-485E-A7E4-88125182125F",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "5ECF5B7E-9FEC-44AC-B122-E626F29A136D",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "0E8C5ED8-5948-418B-B4E7-6D831368AF05",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "6FC0F189-0F60-4EAB-9C35-0A62F06BFAC4",
"versionEndExcluding": "6.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "645FDC99-C05E-4819-AA55-F9A80A98F567",
"versionEndExcluding": "6.0.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "9E06D46C-AE61-4533-A8F7-6E6CA9830155",
"versionEndExcluding": "6.1.13",
"versionStartIncluding": "6.0.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access."
},
{
"lang": "es",
"value": "Fuera de los l\u00edmites la escritura en algunas aplicaciones de Zoom Workplace puede permitir que un usuario autorizado realice una p\u00e9rdida de integridad a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2025-0144",
"lastModified": "2025-08-20T12:36:29.310",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-30T20:15:34.210",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25003/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-08 17:15
Modified
2025-08-01 19:07
Severity ?
Summary
Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25015 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | rooms_controller | * | |
| zoom | workplace_desktop | * | |
| zoom | workplace_virtual_desktop_infrastructure | * | |
| zoom | workplace_virtual_desktop_infrastructure | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B33EFD2F-1F24-402A-891E-4C11D40B150E",
"versionEndExcluding": "6.3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "390D202B-A60A-411E-8A57-0AF1C2BB0497",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A117F0E2-8079-41C5-B619-D9059A3120E4",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "51A72376-A363-49F2-A68B-D03BD975BFF5",
"versionEndExcluding": "6.3.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "EBFBB899-04A6-4089-9BCD-A2DE4B748916",
"versionEndExcluding": "6.1.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "BD8A3DE0-D5D5-4B66-B7B2-8567EAA834BB",
"versionEndExcluding": "6.2.12",
"versionStartIncluding": "6.1.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "La desreferencia de puntero nulo en algunas aplicaciones de Zoom Workplace para Windows puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2025-30670",
"lastModified": "2025-08-01T19:07:53.050",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
}
]
},
"published": "2025-04-08T17:15:38.413",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25015"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-08-08 22:15
Modified
2024-11-21 08:14
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "7724CF48-7393-46DA-88B3-CF451AE0B2D0",
"versionEndExcluding": "5.15.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access."
}
],
"id": "CVE-2023-39210",
"lastModified": "2024-11-21T08:14:55.257",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-08T22:15:10.380",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-12-13 23:15
Modified
2024-11-21 08:33
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | video_software_development_kit | * | |
| zoom | virtual_desktop_infrastructure | * | |
| zoom | virtual_desktop_infrastructure | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0105F955-25C8-4582-BD05-8BCD48BFF3D6",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAE70E1D-8C4A-4EB6-96A8-16C53DB5C79B",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D33A3D73-DB80-4376-A9EE-2905A4B0B4B7",
"versionEndExcluding": "5.14.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:virtual_desktop_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33411E35-8D01-42E4-85D6-0FE2C416E697",
"versionEndExcluding": "5.15.12",
"versionStartIncluding": "5.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "F0EA451C-C4DC-48EF-A036-3EEA3E3ADD80",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C2BF4129-CA54-4ECB-9A6B-EC28445233DF",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "AD4CD81C-1F22-45CA-8AB1-D6D59E819759",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "BB9276FF-17D3-4FDB-91BB-2CE6E8BA61A0",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "19B08EB3-7EBF-416F-91B9-4600E47567F7",
"versionEndExcluding": "5.16.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "La autenticaci\u00f3n incorrecta en Zoom clients anteriores a la versi\u00f3n 5.16.5 puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2023-49646",
"lastModified": "2024-11-21T08:33:39.503",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-13T23:15:08.357",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23062/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-23062/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-11 18:15
Modified
2025-08-01 14:33
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25009/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | workplace | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "FE1DAB56-3382-4E45-9D61-7E276557D71E",
"versionEndExcluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "4D7BED23-44F1-44C6-B49F-BBD05659D671",
"versionEndExcluding": "6.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "El orden de comportamiento incorrecto en algunas aplicaciones de Zoom Workplace para iOS anteriores a la versi\u00f3n 6.3.0 puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2025-0150",
"lastModified": "2025-08-01T14:33:10.597",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-11T18:15:29.800",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25009/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-696"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-02-25 20:15
Modified
2025-03-04 20:43
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-24038/ | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "6E039542-3E10-4565-9543-71F50F06A933",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "BAB2DBC4-95E2-47D1-A343-12A09D3E9D38",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F82C8A03-C83C-4404-84C1-D9D4836B9982",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:ipad_os:*:*",
"matchCriteriaId": "23B5BD12-AA42-47A8-9BC7-5F59B48160C9",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "242D5F39-22FC-4304-8F36-3A0A23BDCC6E",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "A1D900AF-A23B-4D1C-BDE3-CE99DFFBDEBB",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "B497C5C3-921E-462B-91A3-58DA2F669236",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D40263F3-4A0E-418E-AF91-8AD20A957D9F",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8FE458E6-5ACB-428D-A339-D826E5EDDAD1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "65DD163F-BB0E-4BE3-9545-F379774F3AE4",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "3A34FEBC-6E74-4F03-BFA7-FD37226097F1",
"versionEndExcluding": "6.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "22369469-1A7D-4130-B5AE-E76F31405B94",
"versionEndExcluding": "6.1.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access."
},
{
"lang": "es",
"value": "La asignaci\u00f3n de propiedad incorrecta en algunas aplicaciones de Zoom Workplace puede permitir que un usuario privilegiado realice una divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-45426",
"lastModified": "2025-03-04T20:43:35.193",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-02-25T20:15:35.927",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24038/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-708"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 00:15
Modified
2024-11-21 08:59
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| zoom | meeting_software_development_kit | * | |
| zoom | rooms | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | vdi_windows_meeting_clients | * | |
| zoom | video_software_development_kit | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * | |
| zoom | zoom | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B72243E4-AFF7-4A69-934A-1170A6EDAE0F",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61CCEE1E-F3C0-41EB-8DF2-4D3EA8600166",
"versionEndExcluding": "5.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "DEC61EA8-8A9D-4E36-9B46-2B45ED1C5DB8",
"versionEndExcluding": "5.14.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "390DFFB5-7BEA-41F2-B2E1-F0FED3766C1E",
"versionEndExcluding": "5.15.12",
"versionStartExcluding": "5.14.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "8B90CC0C-8000-44E1-8AA1-5E67081ECD2E",
"versionEndExcluding": "5.16.10",
"versionStartExcluding": "5.15.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "F58AB464-C80F-4E2B-9F13-BE9B19E3B5BE",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*",
"matchCriteriaId": "F0EA451C-C4DC-48EF-A036-3EEA3E3ADD80",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "C2BF4129-CA54-4ECB-9A6B-EC28445233DF",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "AD4CD81C-1F22-45CA-8AB1-D6D59E819759",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "BB9276FF-17D3-4FDB-91BB-2CE6E8BA61A0",
"versionEndExcluding": "5.16.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "19B08EB3-7EBF-416F-91B9-4600E47567F7",
"versionEndExcluding": "5.16.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "Una validaci\u00f3n de entrada incorrecta en algunos clientes de Zoom puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2024-24690",
"lastModified": "2024-11-21T08:59:30.693",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "security@zoom.us",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-14T00:15:47.000",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
],
"source": "security@zoom.us",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-05-14 18:15
Modified
2025-08-05 13:44
Severity ?
Summary
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security@zoom.us | https://www.zoom.com/en/trust/security-bulletin/zsb-25018 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A3D5AD71-8BC5-4346-B8B2-1166AD0415FF",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "390D202B-A60A-411E-8A57-0AF1C2BB0497",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:rooms_controller:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "A117F0E2-8079-41C5-B619-D9059A3120E4",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "63C6EF40-B762-4FE8-83AA-D9D4600A5C92",
"versionEndExcluding": "6.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "B4CF0315-8092-424B-9254-05FF6DDDA029",
"versionEndExcluding": "6.1.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "71A0CC0D-D415-46DB-B566-DB7C41A6E277",
"versionEndExcluding": "6.2.13",
"versionStartIncluding": "6.1.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D2276405-3395-4252-A140-06C9A9BDBCDB",
"versionEndExcluding": "6.3.10",
"versionStartIncluding": "6.2.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access."
},
{
"lang": "es",
"value": "La desreferencia de puntero NULL en algunas aplicaciones de Zoom Workplace para Windows puede permitir que un usuario autenticado realice una denegaci\u00f3n de servicio a trav\u00e9s del acceso a la red."
}
],
"id": "CVE-2025-30665",
"lastModified": "2025-08-05T13:44:21.007",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zoom.us",
"type": "Secondary"
}
]
},
"published": "2025-05-14T18:15:30.317",
"references": [
{
"source": "security@zoom.us",
"tags": [
"Vendor Advisory"
],
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25018"
}
],
"sourceIdentifier": "security@zoom.us",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-476"
}
],
"source": "security@zoom.us",
"type": "Secondary"
}
]
}