8.1
CVE-2023-39214
- EPSS 0.42%
- Published 08.08.2023 22:15:10
- Last modified 21.11.2024 08:14:55
- Source security@zoom.us
- Teams watchlist Login
- Open Login
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
Data is provided by the National Vulnerability Database (NVD)
Zoom ≫ Meeting Software Development Kit SwPlatformlinux Version < 5.15.5
Zoom ≫ Meeting Software Development Kit SwPlatformmacos Version < 5.15.5
Zoom ≫ Meeting Software Development Kit SwPlatformwindows Version < 5.15.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.61 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
| security@zoom.us | 7.6 | 2.8 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
|
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
CWE-749 Exposed Dangerous Method or Function
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.