CVE-2024-39818

HIGH

Zoom Rooms < 6.0.0 - Insufficiently Protected Credentials

Title source: rule

Description

Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.

References (1)

[Vendor Advisory] https://www.zoom.com/en/trust/security-bulletin/zsb-24022

Scores

CVSS v3 7.5

EPSS 0.0077

EPSS Percentile 73.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (9)

zoom/rooms < 6.0.0

zoom/workplace < 6.0.0

zoom/workplace_desktop < 6.0.0

zoom/workplace_virtual_desktop_infrastructure < 5.17.13

Timeline

Published Aug 14, 2024

Tracked Since Feb 18, 2026