CVE-2024-39822

EPSS 0.43%
Veröffentlicht 14.08.2024 17:15:15
Zuletzt bearbeitet 04.09.2024 21:28:37
Quelle security@zoom.us
Teams Watchlist Login
Unerledigt Login

Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zoom ≫ Meeting Software Development Kit SwPlatformandroid Version < 6.0.12

Zoom ≫ Meeting Software Development Kit SwPlatformiphone_os Version < 6.0.12

Zoom ≫ Rooms SwPlatformipados Version < 6.1.0

Zoom ≫ Rooms SwPlatformmacos Version < 6.1.0

Zoom ≫ Rooms SwPlatformwindows Version < 6.1.0

Zoom ≫ Rooms Controller SwPlatformandroid Version < 6.1.0

Zoom ≫ Rooms Controller SwPlatformlinux Version < 6.1.0

Zoom ≫ Rooms Controller SwPlatformmacos Version < 6.1.0

Zoom ≫ Rooms Controller SwPlatformwindows Version < 6.1.0

Zoom ≫ Workplace SwPlatformandroid Version < 6.0.12

Zoom ≫ Workplace SwPlatformiphone_os Version < 6.0.12

Zoom ≫ Workplace Desktop SwPlatformlinux Version < 6.0.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.618

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security@zoom.us	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.zoom.com/en/trust/security-bulletin/zsb-24029

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-39822

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-39822

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-39822

EUVD