Lucene search

ZoomCVELIST:CVE-2023-39217

HistoryAug 08, 2023 - 5:49 p.m.

CVE-2023-39217

2023-08-0817:49:38

CWE-20

Zoom

www.cve.org

improper input validation

zoom sdk

unauthenticated user

denial of service

network access

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

20.5%

JSON

Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Zoom SDK's",
    "vendor": "Zoom Video Communications, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "before 5.14.10"
      }
    ]
  }
]

References

explore.zoom.us/en/trust/security/security-bulletin/

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

0.001 Low

EPSS

Percentile

20.5%

JSON

Related for CVELIST:CVE-2023-39217