Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers by Zoom Communications Inc.

    CVE-2024-45422 (GCVE-0-2024-45422)

    Vulnerability from nvd – Published: 2024-11-19 19:45 – Updated: 2024-11-20 15:42
    VLAI
    Title
    Zoom Apps - Improper Input Validation
    Summary
    Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers Affected: see references
    Create a notification for this product.
    zoom workplace_app Affected: 0 , < 6.2.0 (custom)
        cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zoom meeting_sdk Affected: 0 , < 6.2.0 (custom)
        cpe:2.3:a:zoom:meeting_sdk:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-12 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "workplace_app",
                "vendor": "zoom",
                "versions": [
                  {
                    "lessThan": "6.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:zoom:meeting_sdk:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "meeting_sdk",
                "vendor": "zoom",
                "versions": [
                  {
                    "lessThan": "6.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45422",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:34:52.055891Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:42:40.830Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-11-12T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access."
                }
              ],
              "value": "Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-19T19:45:25.914Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24044"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Apps - Improper Input Validation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-45422",
        "datePublished": "2024-11-19T19:45:25.914Z",
        "dateReserved": "2024-08-28T21:50:25.332Z",
        "dateUpdated": "2024-11-20T15:42:40.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45420 (GCVE-0-2024-45420)

    Vulnerability from nvd – Published: 2024-11-19 19:32 – Updated: 2024-11-20 15:16
    VLAI
    Title
    Zoom Apps - Uncontrolled Resource Consumption
    Summary
    Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Date Public
    2024-11-12 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:11:13.010896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:16:27.856Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-11-12T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eUncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-19T19:32:02.656Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24042"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Apps - Uncontrolled Resource Consumption",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-45420",
        "datePublished": "2024-11-19T19:32:02.656Z",
        "dateReserved": "2024-08-28T21:50:25.332Z",
        "dateUpdated": "2024-11-20T15:16:27.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45419 (GCVE-0-2024-45419)

    Vulnerability from nvd – Published: 2024-11-19 19:28 – Updated: 2024-11-19 21:46
    VLAI
    Title
    Zoom Apps - Improper Input Validation
    Summary
    Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers Affected: see references
    Create a notification for this product.
    zoom zoom_meeting_sdk_for_windows Affected: 6.2.0
        cpe:2.3:a:zoom:zoom_meeting_sdk_for_windows:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-12 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:zoom:zoom_meeting_sdk_for_windows:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "zoom_meeting_sdk_for_windows",
                "vendor": "zoom",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.2.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45419",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-19T21:43:54.392171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-19T21:46:16.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-11-12T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access."
                }
              ],
              "value": "Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-252",
                  "description": "CWE-252 Unchecked Return Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-19T19:28:48.335Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24041"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Apps - Improper Input Validation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-45419",
        "datePublished": "2024-11-19T19:28:48.335Z",
        "dateReserved": "2024-08-28T21:50:25.332Z",
        "dateUpdated": "2024-11-19T21:46:16.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42438 (GCVE-0-2024-42438)

    Vulnerability from nvd – Published: 2024-08-14 16:41 – Updated: 2024-08-16 20:05
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow
    Summary
    Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42438",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-16T20:04:49.519001Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-16T20:05:07.811Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
                }
              ],
              "value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-14T16:41:18.732Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-42438",
        "datePublished": "2024-08-14T16:41:18.732Z",
        "dateReserved": "2024-08-01T19:13:16.137Z",
        "dateUpdated": "2024-08-16T20:05:07.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42437 (GCVE-0-2024-42437)

    Vulnerability from nvd – Published: 2024-08-14 16:41 – Updated: 2024-08-14 17:44
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow
    Summary
    Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42437",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T17:34:09.873943Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-14T17:44:29.139Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
                }
              ],
              "value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-14T16:41:12.866Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-42437",
        "datePublished": "2024-08-14T16:41:12.866Z",
        "dateReserved": "2024-08-01T19:13:16.137Z",
        "dateUpdated": "2024-08-14T17:44:29.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42436 (GCVE-0-2024-42436)

    Vulnerability from nvd – Published: 2024-08-14 16:41 – Updated: 2024-08-14 18:25
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow
    Summary
    Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42436",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T18:25:38.974048Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-14T18:25:52.686Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
                }
              ],
              "value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-14T16:41:03.844Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-42436",
        "datePublished": "2024-08-14T16:41:03.844Z",
        "dateReserved": "2024-08-01T19:13:16.137Z",
        "dateUpdated": "2024-08-14T18:25:52.686Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42435 (GCVE-0-2024-42435)

    Vulnerability from nvd – Published: 2024-08-14 16:39 – Updated: 2024-08-15 13:58
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure
    Summary
    Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42435",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-15T13:57:52.940338Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-15T13:58:02.205Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
                }
              ],
              "value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-14T16:39:46.183Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Sensitive Information Exposure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-42435",
        "datePublished": "2024-08-14T16:39:46.183Z",
        "dateReserved": "2024-08-01T19:13:16.137Z",
        "dateUpdated": "2024-08-15T13:58:02.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42434 (GCVE-0-2024-42434)

    Vulnerability from nvd – Published: 2024-08-14 16:39 – Updated: 2025-10-07 13:15
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization
    Summary
    Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42434",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-15T13:36:35.542410Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-07T13:15:09.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
                }
              ],
              "value": "Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-02T20:53:49.416Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Missing Authorization",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-42434",
        "datePublished": "2024-08-14T16:39:38.167Z",
        "dateReserved": "2024-08-01T19:13:16.137Z",
        "dateUpdated": "2025-10-07T13:15:09.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39824 (GCVE-0-2024-39824)

    Vulnerability from nvd – Published: 2024-08-14 16:39 – Updated: 2025-10-02 20:51
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization
    Summary
    Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39824",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T18:07:03.024733Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-14T18:07:26.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
                }
              ],
              "value": "Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-02T20:51:37.705Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Missing Authorization",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-39824",
        "datePublished": "2024-08-14T16:39:26.880Z",
        "dateReserved": "2024-06-28T19:43:03.519Z",
        "dateUpdated": "2025-10-02T20:51:37.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39823 (GCVE-0-2024-39823)

    Vulnerability from nvd – Published: 2024-08-14 16:39 – Updated: 2025-10-02 20:49
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization
    Summary
    Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39823",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T17:24:09.496617Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-14T17:24:16.206Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
                }
              ],
              "value": "Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-02T20:49:49.959Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Missing Authorization",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-39823",
        "datePublished": "2024-08-14T16:39:13.132Z",
        "dateReserved": "2024-06-28T19:43:03.519Z",
        "dateUpdated": "2025-10-02T20:49:49.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39822 (GCVE-0-2024-39822)

    Vulnerability from nvd – Published: 2024-08-14 16:38 – Updated: 2024-08-16 19:18
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure
    Summary
    Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39822",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-16T19:18:36.184406Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-16T19:18:44.815Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access."
                }
              ],
              "value": "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-14T16:38:03.416Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24029"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Sensitive Information Exposure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-39822",
        "datePublished": "2024-08-14T16:38:03.416Z",
        "dateReserved": "2024-06-28T19:43:03.519Z",
        "dateUpdated": "2024-08-16T19:18:44.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45422 (GCVE-0-2024-45422)

    Vulnerability from cvelistv5 – Published: 2024-11-19 19:45 – Updated: 2024-11-20 15:42
    VLAI
    Title
    Zoom Apps - Improper Input Validation
    Summary
    Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers Affected: see references
    Create a notification for this product.
    zoom workplace_app Affected: 0 , < 6.2.0 (custom)
        cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*
    Create a notification for this product.
    zoom meeting_sdk Affected: 0 , < 6.2.0 (custom)
        cpe:2.3:a:zoom:meeting_sdk:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-12 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:zoom:workplace_app:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "workplace_app",
                "vendor": "zoom",
                "versions": [
                  {
                    "lessThan": "6.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:zoom:meeting_sdk:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "meeting_sdk",
                "vendor": "zoom",
                "versions": [
                  {
                    "lessThan": "6.2.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45422",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:34:52.055891Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:42:40.830Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-11-12T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access."
                }
              ],
              "value": "Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-19T19:45:25.914Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24044"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Apps - Improper Input Validation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-45422",
        "datePublished": "2024-11-19T19:45:25.914Z",
        "dateReserved": "2024-08-28T21:50:25.332Z",
        "dateUpdated": "2024-11-20T15:42:40.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45420 (GCVE-0-2024-45420)

    Vulnerability from cvelistv5 – Published: 2024-11-19 19:32 – Updated: 2024-11-20 15:16
    VLAI
    Title
    Zoom Apps - Uncontrolled Resource Consumption
    Summary
    Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    Assigner
    Date Public
    2024-11-12 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45420",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T15:11:13.010896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T15:16:27.856Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-11-12T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cspan style=\"background-color: rgb(247, 247, 248);\"\u003eUncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.\u003c/span\u003e\u003cbr\u003e"
                }
              ],
              "value": "Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400 Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-19T19:32:02.656Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24042"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Apps - Uncontrolled Resource Consumption",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-45420",
        "datePublished": "2024-11-19T19:32:02.656Z",
        "dateReserved": "2024-08-28T21:50:25.332Z",
        "dateUpdated": "2024-11-20T15:16:27.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45419 (GCVE-0-2024-45419)

    Vulnerability from cvelistv5 – Published: 2024-11-19 19:28 – Updated: 2024-11-19 21:46
    VLAI
    Title
    Zoom Apps - Improper Input Validation
    Summary
    Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Zoom Communications Inc. Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers Affected: see references
    Create a notification for this product.
    zoom zoom_meeting_sdk_for_windows Affected: 6.2.0
        cpe:2.3:a:zoom:zoom_meeting_sdk_for_windows:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Date Public
    2024-11-12 13:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:zoom:zoom_meeting_sdk_for_windows:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "zoom_meeting_sdk_for_windows",
                "vendor": "zoom",
                "versions": [
                  {
                    "status": "affected",
                    "version": "6.2.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45419",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-19T21:43:54.392171Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-19T21:46:16.379Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-11-12T13:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access."
                }
              ],
              "value": "Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-252",
                  "description": "CWE-252 Unchecked Return Value",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-19T19:28:48.335Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24041"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Apps - Improper Input Validation",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-45419",
        "datePublished": "2024-11-19T19:28:48.335Z",
        "dateReserved": "2024-08-28T21:50:25.332Z",
        "dateUpdated": "2024-11-19T21:46:16.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42438 (GCVE-0-2024-42438)

    Vulnerability from cvelistv5 – Published: 2024-08-14 16:41 – Updated: 2024-08-16 20:05
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow
    Summary
    Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42438",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-16T20:04:49.519001Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-16T20:05:07.811Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
                }
              ],
              "value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-14T16:41:18.732Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-42438",
        "datePublished": "2024-08-14T16:41:18.732Z",
        "dateReserved": "2024-08-01T19:13:16.137Z",
        "dateUpdated": "2024-08-16T20:05:07.811Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42437 (GCVE-0-2024-42437)

    Vulnerability from cvelistv5 – Published: 2024-08-14 16:41 – Updated: 2024-08-14 17:44
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow
    Summary
    Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42437",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T17:34:09.873943Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-14T17:44:29.139Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
                }
              ],
              "value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-14T16:41:12.866Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-42437",
        "datePublished": "2024-08-14T16:41:12.866Z",
        "dateReserved": "2024-08-01T19:13:16.137Z",
        "dateUpdated": "2024-08-14T17:44:29.139Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42436 (GCVE-0-2024-42436)

    Vulnerability from cvelistv5 – Published: 2024-08-14 16:41 – Updated: 2024-08-14 18:25
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow
    Summary
    Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42436",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T18:25:38.974048Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-14T18:25:52.686Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
                }
              ],
              "value": "Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-14T16:41:03.844Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24031"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Buffer Overflow",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-42436",
        "datePublished": "2024-08-14T16:41:03.844Z",
        "dateReserved": "2024-08-01T19:13:16.137Z",
        "dateUpdated": "2024-08-14T18:25:52.686Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42435 (GCVE-0-2024-42435)

    Vulnerability from cvelistv5 – Published: 2024-08-14 16:39 – Updated: 2024-08-15 13:58
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure
    Summary
    Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42435",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-15T13:57:52.940338Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-15T13:58:02.205Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
                }
              ],
              "value": "Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-14T16:39:46.183Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Sensitive Information Exposure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-42435",
        "datePublished": "2024-08-14T16:39:46.183Z",
        "dateReserved": "2024-08-01T19:13:16.137Z",
        "dateUpdated": "2024-08-15T13:58:02.205Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-42434 (GCVE-0-2024-42434)

    Vulnerability from cvelistv5 – Published: 2024-08-14 16:39 – Updated: 2025-10-07 13:15
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization
    Summary
    Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-42434",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-15T13:36:35.542410Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-07T13:15:09.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
                }
              ],
              "value": "Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-02T20:53:49.416Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Missing Authorization",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-42434",
        "datePublished": "2024-08-14T16:39:38.167Z",
        "dateReserved": "2024-08-01T19:13:16.137Z",
        "dateUpdated": "2025-10-07T13:15:09.341Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39824 (GCVE-0-2024-39824)

    Vulnerability from cvelistv5 – Published: 2024-08-14 16:39 – Updated: 2025-10-02 20:51
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization
    Summary
    Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39824",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T18:07:03.024733Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-14T18:07:26.505Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
                }
              ],
              "value": "Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-02T20:51:37.705Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Missing Authorization",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-39824",
        "datePublished": "2024-08-14T16:39:26.880Z",
        "dateReserved": "2024-06-28T19:43:03.519Z",
        "dateUpdated": "2025-10-02T20:51:37.705Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39823 (GCVE-0-2024-39823)

    Vulnerability from cvelistv5 – Published: 2024-08-14 16:39 – Updated: 2025-10-02 20:49
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization
    Summary
    Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39823",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-14T17:24:09.496617Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-14T17:24:16.206Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
                }
              ],
              "value": "Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-02T20:49:49.959Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24030"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Missing Authorization",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-39823",
        "datePublished": "2024-08-14T16:39:13.132Z",
        "dateReserved": "2024-06-28T19:43:03.519Z",
        "dateUpdated": "2025-10-02T20:49:49.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39822 (GCVE-0-2024-39822)

    Vulnerability from cvelistv5 – Published: 2024-08-14 16:38 – Updated: 2024-08-16 19:18
    VLAI
    Title
    Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure
    Summary
    Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Date Public
    2024-08-13 12:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39822",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-16T19:18:36.184406Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-16T19:18:44.815Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows",
                "MacOS",
                "Linux",
                "iOS",
                "Android"
              ],
              "product": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers",
              "vendor": "Zoom Communications Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "see references"
                }
              ]
            }
          ],
          "datePublic": "2024-08-13T12:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access."
                }
              ],
              "value": "Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-14T16:38:03.416Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-24029"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers -  Sensitive Information Exposure",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2024-39822",
        "datePublished": "2024-08-14T16:38:03.416Z",
        "dateReserved": "2024-06-28T19:43:03.519Z",
        "dateUpdated": "2024-08-16T19:18:44.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }