Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    2 vulnerabilities by ZoomZoom Video Communications, Inc.

    CVE-2023-34121 (GCVE-0-2023-34121)

    Vulnerability from nvd – Published: 2023-06-13 17:42 – Updated: 2025-01-02 20:00
    VLAI
    Summary
    Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Date Public
    2023-06-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:53.417Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34121",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T19:59:23.228944Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T20:00:09.588Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Zoom for Windows",
              "vendor": "Zoom Video Communications, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 5.14.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Zoom Rooms Client for Windows",
              "vendor": "Zoom Video Communications, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 5.14.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Zoom VDI for Windows Meeting Clients",
              "vendor": "ZoomZoom Video Communications, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 5.14.0"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation  in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting  clients before 5.14.0  may allow an authenticated user to potentially enable an escalation of privilege  via network access."
                }
              ],
              "value": "Improper input validation  in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting  clients before 5.14.0  may allow an authenticated user to potentially enable an escalation of privilege  via network access."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153: Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-19T19:34:39.015Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2023-34121",
        "datePublished": "2023-06-13T17:42:17.823Z",
        "dateReserved": "2023-05-25T22:01:29.098Z",
        "dateUpdated": "2025-01-02T20:00:09.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-34121 (GCVE-0-2023-34121)

    Vulnerability from cvelistv5 – Published: 2023-06-13 17:42 – Updated: 2025-01-02 20:00
    VLAI
    Summary
    Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    Date Public
    2023-06-13 16:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:01:53.417Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-34121",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-02T19:59:23.228944Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-02T20:00:09.588Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Zoom for Windows",
              "vendor": "Zoom Video Communications, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 5.14.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Zoom Rooms Client for Windows",
              "vendor": "Zoom Video Communications, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 5.14.0"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Zoom VDI for Windows Meeting Clients",
              "vendor": "ZoomZoom Video Communications, Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 5.14.0"
                }
              ]
            }
          ],
          "datePublic": "2023-06-13T16:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper input validation  in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting  clients before 5.14.0  may allow an authenticated user to potentially enable an escalation of privilege  via network access."
                }
              ],
              "value": "Improper input validation  in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting  clients before 5.14.0  may allow an authenticated user to potentially enable an escalation of privilege  via network access."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153: Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-19T19:34:39.015Z",
            "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
            "shortName": "Zoom"
          },
          "references": [
            {
              "url": "https://explore.zoom.us/en/trust/security/security-bulletin/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "assignerShortName": "Zoom",
        "cveId": "CVE-2023-34121",
        "datePublished": "2023-06-13T17:42:17.823Z",
        "dateReserved": "2023-05-25T22:01:29.098Z",
        "dateUpdated": "2025-01-02T20:00:09.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }