Zoom Clients - Business Logic Error
- ZSB-24006
- CVE-2024-24699
- Medium
- 6.5
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Business logic error with in-meeting chat for some Zoom clients may allow an authenticated user to conduct information disclosure via network access.
Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.
- Zoom Desktop Client for Windows before version 5.16.5
- Zoom Desktop Client for macOS before version 5.16.5
- Zoom Desktop Client for Linux before version 5.16.5
- Zoom VDI Client for Windows before version 5.17.5 (excluding 5.15.15 and 5.16.10)
- Zoom Mobile App for Android before version 5.16.5
- Zoom Mobile App for iOS before version 5.16.5
- Zoom Rooms Clients before version 5.17.0
- Zoom Meeting SDKs before version 5.16.5
Reported by Zoom Offensive Security.
| Revision | Date | Description |
|---|---|---|
| 1.0 | 02/13/2024 | Initial publication. |