Business Logic Flaw in Zoom Workplace Apps Exposes Sensitive Information
CVE-2024-45424

5.3MEDIUM

Key Information:

Vendor: Zoom Communications, Inc
Status: Zoom Workplace Apps
Vendor: CVE Published:; 25 February 2025

Summary

A business logic error has been identified in certain versions of Zoom Workplace Apps that could potentially allow unauthorized users to access and disclose sensitive information over the network. This vulnerability emphasizes the importance of secure coding practices and thorough testing to mitigate potential risks associated with unverified access. Organizations are encouraged to apply updates promptly and review their security measures to protect against unauthorized information disclosure.

Affected Version(s)

Zoom Workplace Apps Windows See references

References

https://www.zoom.com/en/trust/security-bulletin/zsb-24036/

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Aug 28, 2024