CVE-2022-36928

MEDIUM

Zoom < 5.13.0 - Path Traversal

Title source: rule

Description

Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory.

References (1)

[Vendor Advisory] https://explore.zoom.us/en/trust/security/security-bulletin/

Scores

CVSS v3 6.1

EPSS 0.0025

EPSS Percentile 48.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22 CWE-35

Status published

Products (1)

zoom/zoom < 5.13.0

Published Jan 09, 2023

Tracked Since Feb 18, 2026