What is the vulnerability ID for this Zoom vulnerability?

The vulnerability ID for this Zoom vulnerability is CVE-2023-22880.

What is the severity of CVE-2023-22880?

The severity of CVE-2023-22880 is high with a CVSS score of 7.5.

What is the vulnerability type of CVE-2023-22880?

CVE-2023-22880 is an information disclosure vulnerability.

How can I fix the vulnerability?

To fix the vulnerability, update Zoom for Windows clients to version 5.13.3 or later, Zoom Rooms for Windows clients to version 5.13.5 or later, and Zoom VDI for Windows clients to version 5.13.1 or later.

Vulnerability/
CVE-2023-22880

high

7.5

CWE

200

16/3/2023

27/3/2023

CVE-2023-22880: Infoleak

Q: What is the affected software?

The affected software includes Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5, and Zoom VDI for Windows clients before 5.13.1.

First published: Thu Mar 16 2023(Updated: )

Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted text to Microsoft’s online Spellcheck service instead of the local Windows Spellcheck. Updating Zoom remediates this vulnerability by disabling the feature. Updating Microsoft Edge WebView2 Runtime to at least version 109.0.1481.0 and restarting Zoom remediates this vulnerability by updating Microsoft’s telemetry behavior.

Credit: security@zoom.us

Affected Software	Affected Version	How to fix
Zoom Rooms	<5.13.3
Zoom Virtual Desktop Infrastructure	<5.13.1
Zoom Zoom	<5.13.3

Never miss a vulnerability like this again

Reference Links

https://explore.zoom.us/en/trust/security/security-bulletin/

Frequently Asked Questions

What is the vulnerability ID for this Zoom vulnerability?
The vulnerability ID for this Zoom vulnerability is CVE-2023-22880.
What is the affected software?
The affected software includes Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5, and Zoom VDI for Windows clients before 5.13.1.
What is the severity of CVE-2023-22880?
The severity of CVE-2023-22880 is high with a CVSS score of 7.5.
What is the vulnerability type of CVE-2023-22880?
CVE-2023-22880 is an information disclosure vulnerability.
How can I fix the vulnerability?
To fix the vulnerability, update Zoom for Windows clients to version 5.13.3 or later, Zoom Rooms for Windows clients to version 5.13.5 or later, and Zoom VDI for Windows clients to version 5.13.1 or later.

collector/nvd-index
agent/weakness
agent/references
agent/severity
agent/author
agent/tags
agent/type
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
vendor/zoom
canonical/zoom rooms
canonical/zoom virtual desktop infrastructure
canonical/zoom zoom

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.