Sensitive Information Exposure in Zoom Client SDK Prior to Version 5.15.5
CVE-2023-39214

8.1HIGH

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom Sdk's
Vendor: CVE Published:; 8 August 2023

Summary

The Zoom Client SDK, prior to version 5.15.5, has a vulnerability that may expose sensitive information to authenticated users. This exposure could potentially allow an attacker to execute a denial of service attack through network access, compromising the integrity and availability of the application. It is crucial for users to upgrade to the latest version to mitigate this risk and protect their sensitive data.

Affected Version(s)

Zoom SDK's before 5.15.5

References

https://explore.zoom.us/en/trust/security/security-bulletin/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jul 25, 2023