9.6
CVE-2022-28763
- EPSS 1.3%
- Published 31.10.2022 20:15:12
- Last modified 21.11.2024 06:57:53
- Source security@zoom.us
- Teams watchlist Login
- Open Login
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.
Data is provided by the National Vulnerability Database (NVD)
Zoom ≫ Rooms For Conference Rooms SwPlatformandroid Version < 5.12.2
Zoom ≫ Rooms For Conference Rooms SwPlatformiphone_os Version < 5.12.2
Zoom ≫ Rooms For Conference Rooms SwPlatformlinux Version < 5.12.2
Zoom ≫ Rooms For Conference Rooms SwPlatformmacos Version < 5.12.2
Zoom ≫ Rooms For Conference Rooms SwPlatformwindows Version < 5.12.2
Zoom ≫ Virtual Desktop Infrastructure SwPlatformwindows Version < 5.12.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.3% | 0.79 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.6 | 2.8 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
|
| security@zoom.us | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.