4.9

CVE-2024-39823

Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.

Data is provided by the National Vulnerability Database (NVD)
ZoomMeeting Software Development Kit SwPlatformandroid Version < 6.1.0
ZoomMeeting Software Development Kit SwPlatformiphone_os Version < 6.1.0
ZoomMeeting Software Development Kit SwPlatformmacos Version < 6.1.0
ZoomMeeting Software Development Kit SwPlatformwindows Version < 6.1.0
ZoomRooms SwPlatformipados Version < 6.1.0
ZoomRooms SwPlatformmacos Version < 6.1.0
ZoomRooms SwPlatformwindows Version < 6.1.0
ZoomRooms Controller SwPlatformandroid Version < 6.1.0
ZoomRooms Controller SwPlatformlinux Version < 6.1.0
ZoomRooms Controller SwPlatformmacos Version < 6.1.0
ZoomRooms Controller SwPlatformwindows Version < 6.1.0
ZoomWorkplace SwPlatformandroid Version < 6.1.0
ZoomWorkplace SwPlatformiphone_os Version < 6.1.0
ZoomWorkplace Desktop SwPlatformlinux Version < 6.1.0
ZoomWorkplace Desktop SwPlatformmacos Version < 6.1.0
ZoomWorkplace Desktop SwPlatformwindows Version < 6.1.0
ZoomWorkplace Virtual Desktop Infrastructure SwPlatformwindows Version < 5.17.14
ZoomWorkplace Virtual Desktop Infrastructure SwPlatformwindows Version >= 6.0 < 6.0.11
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.24% 0.473
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
security@zoom.us 4.9 1.2 3.6
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.