HIGH🇵🇱 Wersja polska

CVE-2022-28763

CVSS 8.8v3.1pub. 2022-10-31upd. 2024-11-21

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Zoom Meetings

    APP
    Zoom
    < 5.12.2
  • Zoom Rooms For Conference Rooms

    APP
    Zoom
    < 5.12.2
  • Zoom Virtual Desktop Infrastructure

    APP
    Zoom
    < 5.12.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-39213CRITICAL9.6ten sam produkt

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15...

CVE-2022-28755CRITICAL9.6ten sam produkt

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptib...

CVE-2021-34423CRITICAL9.8ten sam produkt

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, an...

CVE-2021-33907CRITICAL9.8ten sam produkt

The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certifica...

CVE-2023-49647HIGH8.8ten sam produkt

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Win...