How severe is CVE-2022-22784?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2022-22784?

This is classified as CWE-91, which is a common weakness in software security.

CVE-2022-22784 - HIGH Severity | CVSS 8.1

Vulnerability Description

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users client perform a variety of actions.This issue could be used in a more sophisticated attack to forge XMPP messages from the server.

Related Vulnerabilities

CVE-2019-0268

HIGH

CVSS:8.1(High)

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an XML document accepted from an untrusted source.

CWE-912019

CVE-2024-28109

HIGH

CVSS:8.1(High)

veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This ...

CWE-912024

CVE-2024-47113

HIGH

CVSS:8.1(High)

IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker t...

CWE-912024

CVE-2025-25589

HIGH

CVSS:8.1(High)

An XML external entity (XXE) injection vulnerability in the component /weixin/aes/XMLParse.java of yimioa before v2024.07.04 allows attackers to execute arbitrary code via supplying a crafted XML file...

CWE-912025

CVE-2020-6271

HIGH

CVSS:8.2(High)

SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and rea...

CWE-912020

CVE-2022-2458

HIGH

CVSS:8.2(High)

XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an ...

CWE-912022