KLA12539
Multiple vulnerabilities in Zoom

Updated: 05/19/2022
Detect date
05/17/2022
Severity
High
Description

Multiple vulnerabilities were found in Zoom. Malicious users can exploit these vulnerabilities to gain privileges, bypass security restrictions, and execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An insufficient hostname validation vulnerability can be exploited remotely to gain privileges.
  2. A security vulnerability can be exploited to bypass security restrictions.
  3. An improperly constrained session cookies vulnerability can be exploited remotely to gain privileges.
  4. Improper XML parsing can be exploited remotely to execute arbitrary code.
Affected products

Zoom for Windows earlier than 5.10.0

Solution

Update to the latest version
Download Zoom

Original advisories

Zoom Security Bulletin

Impacts
ACE
SB
PE
Related products
Zoom MSI
CVE-IDS
CVE-2022-22787  5.0  Critical
CVE-2022-22786  5.0  Critical
CVE-2022-22785  5.0  Critical
CVE-2022-22784  5.0  Critical