Client-Side Security Vulnerability in Zoom Clients
CVE-2023-36535

7.1HIGH

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom Clients
Vendor: CVE Published:; 8 August 2023

Summary

A security flaw in the Zoom client prior to version 5.14.10 permits authenticated users to unintentionally expose confidential information through network access. This vulnerability showcases inadequate client-side enforcement of server-side security protocols, raising concerns about the integrity of user data transmitted via the application. Users of affected versions are advised to update to the latest version to safeguard their information.

Affected Version(s)

Zoom Clients before 5.14.10

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jun 22, 2023