CVE-2024-39822

EPSS 0.43%
Published 14.08.2024 17:15:15
Last modified 04.09.2024 21:28:37
Source security@zoom.us
Teams watchlist Login
Open Login

Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zoom ≫ Meeting Software Development Kit SwPlatformandroid Version < 6.0.12

Zoom ≫ Meeting Software Development Kit SwPlatformiphone_os Version < 6.0.12

Zoom ≫ Rooms SwPlatformipados Version < 6.1.0

Zoom ≫ Rooms SwPlatformmacos Version < 6.1.0

Zoom ≫ Rooms SwPlatformwindows Version < 6.1.0

Zoom ≫ Rooms Controller SwPlatformandroid Version < 6.1.0

Zoom ≫ Rooms Controller SwPlatformlinux Version < 6.1.0

Zoom ≫ Rooms Controller SwPlatformmacos Version < 6.1.0

Zoom ≫ Rooms Controller SwPlatformwindows Version < 6.1.0

Zoom ≫ Workplace SwPlatformandroid Version < 6.0.12

Zoom ≫ Workplace SwPlatformiphone_os Version < 6.0.12

Zoom ≫ Workplace Desktop SwPlatformlinux Version < 6.0.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.43%	0.618

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security@zoom.us	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://www.zoom.com/en/trust/security-bulletin/zsb-24029

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-39822

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-39822

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-39822

EUVD