← Back

CVE-2023-39217

nvd nist
Published: Aug 8, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.

Affected (10)

Zoom
2 products
Meeting Software Development Kit
Video Software Development Kit
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Zoom
Meeting Software Development Kit
Before 5.14.10
Meeting Software Development Kit
Before 5.14.10
Meeting Software Development Kit
Before 5.14.10
Meeting Software Development Kit
Before 5.14.10
Meeting Software Development Kit
Before 5.14.10
Zoom
Video Software Development Kit
Before 5.14.10
Video Software Development Kit
Before 5.14.10
Video Software Development Kit
Before 5.14.10
Video Software Development Kit
Before 5.14.10
Video Software Development Kit
Before 5.14.10

Related CWEs

CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

References (2)

Source: security@zoom.us
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.