3.3

CVE-2022-28764

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.

Data is provided by the National Vulnerability Database (NVD)
ZoomMeetings SwPlatformandroid Version < 5.12.6
ZoomMeetings SwPlatformiphone_os Version < 5.12.6
ZoomMeetings SwPlatformlinux Version < 5.12.6
ZoomMeetings SwPlatformmacos Version < 5.12.6
ZoomMeetings SwPlatformwindows Version < 5.12.6
ZoomRooms SwPlatformandroid Version < 5.12.6
ZoomRooms SwPlatformiphone_os Version < 5.12.6
ZoomRooms SwPlatformlinux Version < 5.12.6
ZoomRooms SwPlatformmacos Version < 5.12.6
ZoomRooms SwPlatformwindows Version < 5.12.6
ZoomVdi Windows Meeting Clients Version < 5.12.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.09% 0.269
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security@zoom.us 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-459 Incomplete Cleanup

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.