Unauthorized Information Disclosure via Network Access
CVE-2024-45419

8.1HIGH

Key Information:

Vendor: Zoom
Status: Zoom Workplace Apps, Sdks, Rooms Clients, And Rooms Controllers
Vendor: CVE Published:; 19 November 2024

Summary

The vulnerability results from inadequate input validation within certain Zoom Apps, potentially enabling unauthenticated users to access sensitive information through network exploitation. This can lead to unauthorized data exposure, posing a significant risk to user privacy and security. It is essential for users and administrators to ensure that they are using the latest versions of affected Zoom Apps to mitigate this risk.

Affected Version(s)

Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers Windows see references

References

https://www.zoom.com/en/trust/security-bulletin/zsb-24041

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2024
Vulnerability Reserved
Aug 28, 2024

Collectors

NVD DatabaseMitre Database