Information disclosure in Zoom Meetings
CVE-2022-28764
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the u…
Vulnerability class: Information Disclosure
EPSS: 0.003 (18.3th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 3.3 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Zoom Meetings
- Zoom Rooms
- Zoom Vdi_windows_meeting_clients
- Zoom Video Communications Inc Client For Meetings (For Android, Ios, Linux, Macos, And Windows) — versions unspecified
- Zoom Video Communications Inc Rooms For Conference Room (For Android, Ios, Linux, Macos, And Windows) — versions unspecified
- Zoom Video Communications Inc Vdi Windows Meeting Clients — versions unspecified
Weakness classification (CWE)
References
- security@zoom.us (Vendor Advisory)
Frequently asked questions
- What is CVE-2022-28764?
- CVE-2022-28764 is a low-severity vulnerability in Zoom Meetings, classified under Information Disclosure. CVSS score: 3.3/10. Published 2022-11-14.
- How severe is CVE-2022-28764?
- Low severity. CVSS v3 base score is 3.3 out of 10.