HIGH🇬🇧 English

CVE-2022-28763

CVSS 8.8v3.1pub. 2022-10-31upd. 2024-11-21

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Zoom Meetings

    APP
    Zoom
    < 5.12.2
  • Zoom Rooms For Conference Rooms

    APP
    Zoom
    < 5.12.2
  • Zoom Virtual Desktop Infrastructure

    APP
    Zoom
    < 5.12.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-39213CRITICAL9.6ten sam produkt

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15...

CVE-2022-28755CRITICAL9.6ten sam produkt

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptib...

CVE-2021-34423CRITICAL9.8ten sam produkt

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, an...

CVE-2021-33907CRITICAL9.8ten sam produkt

The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certifica...

CVE-2023-49647HIGH8.8ten sam produkt

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Win...