CVE-2022-22785

CRITICAL Year: 2022
CVSS v3 Score
9.1
Critical
CVSS v2 Score
6.4
Medium
Weakness Type
CWE-565
View all →

Vulnerability Description

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly constrain client session cookies to Zoom domains. This issue could be used in a more sophisticated attack to send an unsuspecting users Zoom-scoped session cookies to a non-Zoom domain. This could potentially allow for spoofing of a Zoom user.

Related Vulnerabilities

CVE-2012-5631

HIGH
CVSS:8.8(High)

ipa 3.0 does not properly check server identity before sending credential containing cookies

CWE-5652012

CVE-2017-6896

HIGH
CVSS:8.8(High)

Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session ...

CWE-5652017

CVE-2021-33842

HIGH
CVSS:8.8(High)

Improper Authentication vulnerability in the cookie parameter of Circutor SGE-PLC1000 firmware version 0.9.2b allows an attacker to perform operations as an authenticated user. In order to exploit thi...

CWE-5652021

CVE-2022-30620

HIGH
CVSS:8.8(High)

On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: "1" to "0" privileges by changing the following cookie values from "is_admin", "showConfig". Ad...

CWE-5652022

CVE-2023-32725

HIGH
CVSS:8.8(High)

The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particula...

CWE-5652023

CVE-2024-22186

HIGH
CVSS:8.8(High)

The application suffers from a privilege escalation vulnerability. An attacker logged in as guest can escalate his privileges by poisoning the cookie to become administrator.

CWE-5652024