vulnerability

Zoom: CVE-2022-22784: Improper XML Parsing in Zoom Client for Meetings

Severity: 8
CVSS: (AV:N/AC:L/Au:S/C:P/I:P/A:N)
Published: May 18, 2022
Added: Mar 22, 2023
Modified: Apr 3, 2023

Description

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving user’s client perform a variety of actions. This issue could be used in a more sophisticated attack to forge XMPP messages from the server.

Solution

zoom-upgrade-to-latest