Improper Access Control in Zoom Mobile App for iOS and SDKs by Zoom
CVE-2023-43585

6.5MEDIUM

Key Information:

Vendor: Zoom Video Communications, Inc.
Status: Zoom Mobile App For iOS And Sdks For iOS
Vendor: CVE Published:; 13 December 2023

Summary

The improper access control vulnerability in Zoom's Mobile App for iOS and its SDKs allows authenticated users to potentially access sensitive information via network connections. This flaw affects versions prior to 5.16.5 and underscores the importance of rigorous access control measures to safeguard user data against unauthorized disclosure.

Affected Version(s)

Zoom Mobile App for iOS and SDKs for iOS iOS before 5.16.0

References

https://www.zoom.com/en/trust/security-bulletin/ZSB-23058/

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2023
Vulnerability Reserved
Sep 19, 2023