Vulnerabilities related to apache - openmeetings
Vulnerability from fkie_nvd
Published
2017-10-12 18:29
Modified
2024-11-21 02:59
Severity ?
Summary
Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.
References
Source | URL | Tags | |
---|---|---|---|
security@apache.org | http://openmeetings.markmail.org/thread/tr47byaaopnemvne | Mailing List, Third Party Advisory | |
security@apache.org | http://www.securityfocus.com/bid/94145 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://openmeetings.markmail.org/thread/tr47byaaopnemvne | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/94145 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | * (< 3.1.2) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C55C3FE-0D7D-4143-935C-3AF4867171FD", "versionEndExcluding": "3.1.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack." }, { "lang": "es", "value": "Apache OpenMeetings, en versiones anteriores a la 3.1.2, es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo mediante un ataque de deserializaci\u00f3n de RMI." } ], "id": "CVE-2016-8736", "lastModified": "2024-11-21T02:59:57.493", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-12T18:29:00.447", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openmeetings.markmail.org/thread/tr47byaaopnemvne" }, { "source": 
"security@apache.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://openmeetings.markmail.org/thread/tr47byaaopnemvne" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/94145" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Severity ?
Summary
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.
References
Source | URL | Tags | |
---|---|---|---|
security@apache.org | http://markmail.org/message/v6dpmrdd6cgg66up | Mailing List, Third Party Advisory | |
security@apache.org | http://www.securityfocus.com/bid/99584 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://markmail.org/message/v6dpmrdd6cgg66up | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99584 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | 1.0.0 | |
apache | openmeetings | 2.0 | |
apache | openmeetings | 2.1 | |
apache | openmeetings | 2.1.1 | |
apache | openmeetings | 2.2.0 | |
apache | openmeetings | 3.0.0 | |
apache | openmeetings | 3.0.1 | |
apache | openmeetings | 3.0.2 | |
apache | openmeetings | 3.0.3 | |
apache | openmeetings | 3.0.4 | |
apache | openmeetings | 3.0.5 | |
apache | openmeetings | 3.0.6 | |
apache | openmeetings | 3.0.7 | |
apache | openmeetings | 3.1.0 | |
apache | openmeetings | 3.1.1 | |
apache | openmeetings | 3.1.2 | |
apache | openmeetings | 3.1.3 | |
apache | openmeetings | 3.1.4 | |
apache | openmeetings | 3.1.5 | |
apache | openmeetings | 3.2.0 | |
apache | openmeetings | 3.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72B6167B-E822-4146-87F2-E2769DC85F99", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CDA54EE-9AE1-4551-8C24-D2077515029C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB137AFF-1BB8-4FFC-9247-376718AAFEB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E44AAC6C-13E1-423B-BB4C-4C92B763DE34", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "268D5F6C-F1E8-400B-8D79-A79A9481DFDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "94BB2711-23CA-4FA5-8868-664A839F7EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "96D13854-BD10-4404-89A7-F6D398680628", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3EC465AB-5CA6-4C97-8544-59D3236A7123", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC811824-EA8F-49F6-B732-10731A1BC0EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AFF29DC-46BA-4505-A921-42C783BC4C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "085A80B3-B880-428D-AF1D-BED61C31E304", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46036494-F97D-4C02-A630-102D9E7DE2CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A2C208B6-E86A-4F73-B078-BA47BA1B162D", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "331EDEB7-D823-43C6-9D8B-E872F921A328", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8D44A5F-C7BD-4CC2-9065-179FA92301C9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 doesn\u0027t check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server." }, { "lang": "es", "value": "Apache OpenMeetings versi\u00f3n 1.0.0, no comprueba el contenido de los archivos que se est\u00e1n cargando. Un atacante puede causar una denegaci\u00f3n de servicio mediante la carga de m\u00faltiples archivos grandes en el servidor." 
} ], "id": "CVE-2017-7684", "lastModified": "2024-11-21T03:32:27.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T13:18:29.987", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/v6dpmrdd6cgg66up" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99584" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/v6dpmrdd6cgg66up" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99584" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-400" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Severity ?
Summary
Apache OpenMeetings 1.0.0 updates user password in insecure manner.
References
Source | URL | Tags | |
---|---|---|---|
security@apache.org | http://markmail.org/message/ctsiiqtekzsun6fi | Mailing List, Third Party Advisory | |
security@apache.org | http://www.securityfocus.com/bid/99586 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://markmail.org/message/ctsiiqtekzsun6fi | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99586 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | 1.0.0 | |
apache | openmeetings | 2.0 | |
apache | openmeetings | 2.1 | |
apache | openmeetings | 2.1.1 | |
apache | openmeetings | 2.2.0 | |
apache | openmeetings | 3.0.0 | |
apache | openmeetings | 3.0.1 | |
apache | openmeetings | 3.0.2 | |
apache | openmeetings | 3.0.3 | |
apache | openmeetings | 3.0.4 | |
apache | openmeetings | 3.0.5 | |
apache | openmeetings | 3.0.6 | |
apache | openmeetings | 3.0.7 | |
apache | openmeetings | 3.1.0 | |
apache | openmeetings | 3.1.1 | |
apache | openmeetings | 3.1.2 | |
apache | openmeetings | 3.1.3 | |
apache | openmeetings | 3.1.4 | |
apache | openmeetings | 3.1.5 | |
apache | openmeetings | 3.2.0 | |
apache | openmeetings | 3.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72B6167B-E822-4146-87F2-E2769DC85F99", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CDA54EE-9AE1-4551-8C24-D2077515029C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB137AFF-1BB8-4FFC-9247-376718AAFEB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E44AAC6C-13E1-423B-BB4C-4C92B763DE34", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "268D5F6C-F1E8-400B-8D79-A79A9481DFDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "94BB2711-23CA-4FA5-8868-664A839F7EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "96D13854-BD10-4404-89A7-F6D398680628", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3EC465AB-5CA6-4C97-8544-59D3236A7123", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC811824-EA8F-49F6-B732-10731A1BC0EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AFF29DC-46BA-4505-A921-42C783BC4C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "085A80B3-B880-428D-AF1D-BED61C31E304", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46036494-F97D-4C02-A630-102D9E7DE2CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A2C208B6-E86A-4F73-B078-BA47BA1B162D", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "331EDEB7-D823-43C6-9D8B-E872F921A328", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8D44A5F-C7BD-4CC2-9065-179FA92301C9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 updates user password in insecure manner." }, { "lang": "es", "value": "Apache OpenMeetings versi\u00f3n 1.0.0, actualiza la contrase\u00f1a de usuario de manera no confiable." 
} ], "id": "CVE-2017-7688", "lastModified": "2024-11-21T03:32:27.997", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T13:18:30.047", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/ctsiiqtekzsun6fi" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/ctsiiqtekzsun6fi" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99586" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-03-28 13:15
Modified
2024-11-21 07:54
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0
Description: Attacker can elevate their privileges in any room
References
Source | URL | Tags | |
---|---|---|---|
security@apache.org | https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9 | Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9 | Mailing List, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | * (>= 2.0, < 7.0.0) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "0875B7CD-1D9F-4D5D-B570-4C9123055FA6", "versionEndExcluding": "7.0.0", "versionStartIncluding": "2.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0\n\nDescription: Attacker can elevate their privileges in any room\n\n\n" } ], "id": "CVE-2023-28326", "lastModified": "2024-11-21T07:54:50.917", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-03-28T13:15:07.153", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9" } ], 
"sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-306" } ], "source": "security@apache.org", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-12 08:15
Modified
2024-11-21 07:56
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
An attacker that has gained access to certain private information can use this to act as other user.
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | * (>= 3.1.3, < 7.1.0) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "912F0955-80C7-4442-9054-A567D2ACEC6F", "versionEndExcluding": "7.1.0", "versionStartIncluding": "3.1.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An attacker that has gained access to certain private information can use this to act as other user.\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0" } ], "id": "CVE-2023-29032", "lastModified": "2024-11-21T07:56:25.847", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-05-12T08:15:08.930", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List" ], "url": "https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp" } ], 
"sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "security@apache.org", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-12 08:15
Modified
2024-11-21 07:56
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Attacker can access arbitrary recording/room
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | * (>= 2.0.0, < 7.1.0) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF56B25D-1963-404C-A110-17CF21EAC47F", "versionEndExcluding": "7.1.0", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Attacker can access arbitrary recording/room\n\nVendor: The Apache Software Foundation\n\nVersions\u00a0Affected: Apache OpenMeetings from 2.0.0 before 7.1.0\n" } ], "id": "CVE-2023-28936", "lastModified": "2024-11-21T07:56:15.823", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-05-12T08:15:08.857", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List" ], "url": "https://lists.apache.org/thread/y6vng44c22ll221rtvsv208x1pbjmdoc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.apache.org/thread/y6vng44c22ll221rtvsv208x1pbjmdoc" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-697" } ], "source": "security@apache.org", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Severity ?
Summary
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.
References
Source | URL | Tags | |
---|---|---|---|
security@apache.org | http://markmail.org/message/3hshl26omwjo6c5i | Mailing List, Third Party Advisory | |
security@apache.org | http://www.securityfocus.com/bid/99587 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://markmail.org/message/3hshl26omwjo6c5i | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99587 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | 1.0.0 | |
apache | openmeetings | 2.0 | |
apache | openmeetings | 2.1 | |
apache | openmeetings | 2.1.1 | |
apache | openmeetings | 2.2.0 | |
apache | openmeetings | 3.0.0 | |
apache | openmeetings | 3.0.1 | |
apache | openmeetings | 3.0.2 | |
apache | openmeetings | 3.0.3 | |
apache | openmeetings | 3.0.4 | |
apache | openmeetings | 3.0.5 | |
apache | openmeetings | 3.0.6 | |
apache | openmeetings | 3.0.7 | |
apache | openmeetings | 3.1.0 | |
apache | openmeetings | 3.1.1 | |
apache | openmeetings | 3.1.2 | |
apache | openmeetings | 3.1.3 | |
apache | openmeetings | 3.1.4 | |
apache | openmeetings | 3.1.5 | |
apache | openmeetings | 3.2.0 | |
apache | openmeetings | 3.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72B6167B-E822-4146-87F2-E2769DC85F99", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CDA54EE-9AE1-4551-8C24-D2077515029C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB137AFF-1BB8-4FFC-9247-376718AAFEB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E44AAC6C-13E1-423B-BB4C-4C92B763DE34", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "268D5F6C-F1E8-400B-8D79-A79A9481DFDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "94BB2711-23CA-4FA5-8868-664A839F7EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "96D13854-BD10-4404-89A7-F6D398680628", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3EC465AB-5CA6-4C97-8544-59D3236A7123", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC811824-EA8F-49F6-B732-10731A1BC0EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AFF29DC-46BA-4505-A921-42C783BC4C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "085A80B3-B880-428D-AF1D-BED61C31E304", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46036494-F97D-4C02-A630-102D9E7DE2CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A2C208B6-E86A-4F73-B078-BA47BA1B162D", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "331EDEB7-D823-43C6-9D8B-E872F921A328", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8D44A5F-C7BD-4CC2-9065-179FA92301C9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection." }, { "lang": "es", "value": "Apache OpenMeetings versi\u00f3n 1.0.0.0, utiliza un almacenamiento criptogr\u00e1fico no muy fuerte, el captcha no es usado en el registro y olvida los cuadros de di\u00e1logos de contrase\u00f1as, y los formularios de identificaci\u00f3n carecen de protecci\u00f3n de fuerza bruta." 
} ], "id": "CVE-2017-7673", "lastModified": "2024-11-21T03:32:26.063", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T13:18:29.813", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/3hshl26omwjo6c5i" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99587" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/3hshl26omwjo6c5i" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99587" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-307" }, { "lang": "en", "value": "CWE-326" } ], "source": "nvd@nist.gov", "type": 
"Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-11 14:59
Modified
2024-11-21 02:47
Severity ?
Summary
The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "01C6A9F0-E6EE-4084-8DCD-F445AD181210", "versionEndIncluding": "3.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file." }, { "lang": "es", "value": "Los m\u00e9todos de la API SOAP (1) FileService.importFileByInternalUserId y (2) FileService.importFile en Apache OpenMeetings en versiones anteriores a 3.1.1 no utiliza apropiadamente la clase URL Java sin comprobar el manejador de protocolo especificado, lo que permite a atacantes remotos leer archivos arbitrarios intentando cargar un archivo." 
} ], "id": "CVE-2016-2164", "lastModified": "2024-11-21T02:47:56.343", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-11T14:59:09.410", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://openmeetings.apache.org/security.html" }, { "source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/537887/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://openmeetings.apache.org/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://www.securityfocus.com/archive/1/537887/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-08-19 21:59
Modified
2024-11-21 02:49
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "E738AD66-3F16-4B61-BEEC-01F457D6D03D", "versionEndIncluding": "3.1.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter." }, { "lang": "es", "value": "Vulnerabilidad de XSS en el panel SWF en Apache OpenMeetings en versiones anteriores a 3.1.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro swf." } ], "id": "CVE-2016-3089", "lastModified": "2024-11-21T02:49:20.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-08-19T21:59:04.477", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor 
Advisory" ], "url": "http://openmeetings.apache.org/security.html" }, { "source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/539192/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/92442" }, { "source": "secalert@redhat.com", "tags": [ "Release Notes" ], "url": "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://openmeetings.apache.org/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/539192/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/92442" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-11 14:59
Modified
2024-11-21 02:47
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "01C6A9F0-E6EE-4084-8DCD-F445AD181210", "versionEndIncluding": "3.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event." }, { "lang": "es", "value": "Vulnerabilidad de XSS en Apache OpenMeetings en versiones anteriores a 3.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de la descripci\u00f3n de evento cuando se crea un evento." } ], "id": "CVE-2016-2163", "lastModified": "2024-11-21T02:47:56.227", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-11T14:59:08.457", "references": [ { "source": 
"secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://openmeetings.apache.org/security.html" }, { "source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/537888/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://openmeetings.apache.org/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/537888/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-11 14:59
Modified
2024-11-21 02:42
Severity ?
Summary
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "01C6A9F0-E6EE-4084-8DCD-F445AD181210", "versionEndIncluding": "3.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en la funcionalidad Import/Export System Backups en Apache OpenMeetings en versiones anteriores a 3.1.1 permite a administradores remotos autenticados escribir en archivos arbitrarios trav\u00e9s de un .. (punto punto) en una entrada de archivo comprimido ZIP." } ], "id": "CVE-2016-0784", "lastModified": "2024-11-21T02:42:22.640", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, 
"published": "2016-04-11T14:59:07.347", "references": [ { "source": "secalert@redhat.com", "url": "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://openmeetings.apache.org/security.html" }, { "source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.html" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2016/03/25/2" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/537929/100/0/threaded" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "source": "secalert@redhat.com", "url": "https://www.exploit-db.com/exploits/39642/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://openmeetings.apache.org/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/03/25/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/537929/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/39642/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-02-28 18:29
Modified
2024-11-21 03:59
Severity ?
Summary
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password-protected, allowing an authenticated attacker to deny service for privileged users.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F007A7C-C5F1-44DB-8A6D-962813CBB3BD", "versionEndIncluding": "4.0.1", "versionStartIncluding": "3.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users." }, { "lang": "es", "value": "En Apache OpenMeetings 3.0.0 - 4.0.1, las operaciones CRUD en usuarios privilegiados no est\u00e1n protegidas por contrase\u00f1a, por lo que un atacante autenticado podr\u00eda provocar una denegaci\u00f3n de servicio (DoS) sobre los usuarios privilegiados." } ], "id": "CVE-2018-1286", "lastModified": "2024-11-21T03:59:32.900", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-28T18:29:00.217", 
"references": [ { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8%40%3Cuser.openmeetings.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8%40%3Cuser.openmeetings.apache.org%3E" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-01-08 09:15
Modified
2025-01-15 15:50
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0
Description: The default clustering instructions at https://openmeetings.apache.org/Clustering.html do not specify white/black lists for OpenJPA, which leads to possible deserialisation of untrusted data.
Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "E83A3409-D9F1-4F24-AC6A-D97C68AC2344", "versionEndExcluding": "8.0.0", "versionStartIncluding": "2.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Vendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0\n\nDescription: Default clustering instructions at https://openmeetings.apache.org/Clustering.html \u00a0doesn\u0027t specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data.\nUsers are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant \u0027openjpa.serialization.class.blacklist\u0027 and \u0027openjpa.serialization.class.whitelist\u0027 configurations as shown in the documentation." }, { "lang": "es", "value": "Proveedor: The Apache Software Foundation Versiones afectadas: Apache OpenMeetings desde la versi\u00f3n 2.1.0 hasta la 8.0.0 Descripci\u00f3n: Las instrucciones de agrupamiento predeterminadas en https://openmeetings.apache.org/Clustering.html no especifican listas blancas/negras para OpenJPA, lo que lleva a una posible deserializaci\u00f3n de datos no confiables. Se recomienda a los usuarios actualizar a la versi\u00f3n 8.0.0 y actualizar sus scripts de inicio para incluir las configuraciones \u0027openjpa.serialization.class.blacklist\u0027 y \u0027openjpa.serialization.class.whitelist\u0027 relevantes como se muestra en la documentaci\u00f3n." 
} ], "id": "CVE-2024-54676", "lastModified": "2025-01-15T15:50:39.987", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2025-01-08T09:15:07.440", "references": [ { "source": "security@apache.org", "tags": [ "Vendor Advisory" ], "url": "https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2025/01/08/1" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-502" } ], "source": "security@apache.org", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2020-09-30 18:15
Modified
2024-11-21 05:02
Severity ?
Summary
Attackers can use the public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to mount a denial-of-service attack.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "83F662CC-FD09-4023-A059-B3F1034392FA", "versionEndIncluding": "5.0.0", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack." }, { "lang": "es", "value": "Unos atacantes pueden usar el servicio web p\u00fablico NetTest de Apache OpenMeetings versiones 4.0.0-5.0.0, para organizar el ataque de denegaci\u00f3n de servicio" } ], "id": "CVE-2020-13951", "lastModified": "2024-11-21T05:02:13.303", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-09-30T18:15:21.257", "references": [ { "source": "security@apache.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.html" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" }, { "source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "source": "security@apache.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Severity ?
Summary
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
References
▼ | URL | Tags | |
---|---|---|---|
security@apache.org | http://markmail.org/message/cwr552iapmhukb45 | Mailing List, Third Party Advisory | |
security@apache.org | http://www.securityfocus.com/bid/99576 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://markmail.org/message/cwr552iapmhukb45 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99576 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | 3.1.0 | |
apache | openmeetings | 3.1.1 | |
apache | openmeetings | 3.1.2 | |
apache | openmeetings | 3.1.3 | |
apache | openmeetings | 3.1.4 | |
apache | openmeetings | 3.1.5 | |
apache | openmeetings | 3.2.0 | |
apache | openmeetings | 3.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC811824-EA8F-49F6-B732-10731A1BC0EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AFF29DC-46BA-4505-A921-42C783BC4C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "085A80B3-B880-428D-AF1D-BED61C31E304", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46036494-F97D-4C02-A630-102D9E7DE2CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A2C208B6-E86A-4F73-B078-BA47BA1B162D", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "331EDEB7-D823-43C6-9D8B-E872F921A328", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8D44A5F-C7BD-4CC2-9065-179FA92301C9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0." }, { "lang": "es", "value": "Los documentos XML cargados no fueron comprobados correctamente en OpenMeetings versi\u00f3n 3.1.0. de Apache." 
} ], "id": "CVE-2017-7664", "lastModified": "2024-11-21T03:32:24.810", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T13:18:29.703", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/cwr552iapmhukb45" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99576" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/cwr552iapmhukb45" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99576" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-04-11 14:59
Modified
2024-11-21 02:42
Severity ?
Summary
The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "01C6A9F0-E6EE-4084-8DCD-F445AD181210", "versionEndIncluding": "3.1.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time." }, { "lang": "es", "value": "La funci\u00f3n sendHashByUser en Apache OpenMeetings en versiones anteriores a 3.1.1 genera tokens de reinicio de contrase\u00f1a predecibles, lo que hace m\u00e1s f\u00e1cil para atacantes remotos restablecer contrase\u00f1as de usuario arbitrarias aprovechando el conocimiento de un nombre de usuario y la hora de sistema actual." } ], "id": "CVE-2016-0783", "lastModified": "2024-11-21T02:42:22.513", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, 
"source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-11T14:59:06.347", "references": [ { "source": "secalert@redhat.com", "url": "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://openmeetings.apache.org/security.html" }, { "source": "secalert@redhat.com", "url": "http://packetstormsecurity.com/files/136432/Apache-OpenMeetings-3.1.0-MD5-Hashing.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/537886/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://openmeetings.apache.org/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/136432/Apache-OpenMeetings-3.1.0-MD5-Hashing.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/537886/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Severity ?
Summary
Both the global chat and the room chat in Apache OpenMeetings 3.2.0 are vulnerable to XSS attacks. The impacted-products list for this record also marks 3.2.1 as vulnerable.
References
Source | URL | Tags | |
---|---|---|---|
security@apache.org | http://markmail.org/message/aka2z2dq7icfw2p2 | Mailing List, Third Party Advisory | |
security@apache.org | http://www.securityfocus.com/bid/99577 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://markmail.org/message/aka2z2dq7icfw2p2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99577 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | 3.2.0 | |
apache | openmeetings | 3.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "331EDEB7-D823-43C6-9D8B-E872F921A328", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8D44A5F-C7BD-4CC2-9065-179FA92301C9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0." }, { "lang": "es", "value": "Tanto la sala de chat como el chat global, son vulnerables un ataque de tipo XSS en OpenMeetings versi\u00f3n 3.2.0. de Apache." } ], "id": "CVE-2017-7663", "lastModified": "2024-11-21T03:32:24.693", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T13:18:29.673", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"http://markmail.org/message/aka2z2dq7icfw2p2" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99577" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/aka2z2dq7icfw2p2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99577" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Severity ?
Summary
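Apache OpenMeetings 1.0.0 displays the Tomcat version and a detailed error stack trace, which exposes server internals to remote users. The impacted-products list for this record marks releases from 1.0.0 through 3.2.1 as vulnerable, so the issue is not limited to 1.0.0.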
References
Source | URL | Tags | |
---|---|---|---|
security@apache.org | http://markmail.org/message/hint6fp66lijqdvu | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://markmail.org/message/hint6fp66lijqdvu | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | 1.0.0 | |
apache | openmeetings | 2.0 | |
apache | openmeetings | 2.1 | |
apache | openmeetings | 2.1.1 | |
apache | openmeetings | 2.2.0 | |
apache | openmeetings | 3.0.0 | |
apache | openmeetings | 3.0.1 | |
apache | openmeetings | 3.0.2 | |
apache | openmeetings | 3.0.3 | |
apache | openmeetings | 3.0.4 | |
apache | openmeetings | 3.0.5 | |
apache | openmeetings | 3.0.6 | |
apache | openmeetings | 3.0.7 | |
apache | openmeetings | 3.1.0 | |
apache | openmeetings | 3.1.1 | |
apache | openmeetings | 3.1.2 | |
apache | openmeetings | 3.1.3 | |
apache | openmeetings | 3.1.4 | |
apache | openmeetings | 3.1.5 | |
apache | openmeetings | 3.2.0 | |
apache | openmeetings | 3.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72B6167B-E822-4146-87F2-E2769DC85F99", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CDA54EE-9AE1-4551-8C24-D2077515029C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB137AFF-1BB8-4FFC-9247-376718AAFEB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E44AAC6C-13E1-423B-BB4C-4C92B763DE34", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "268D5F6C-F1E8-400B-8D79-A79A9481DFDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "94BB2711-23CA-4FA5-8868-664A839F7EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "96D13854-BD10-4404-89A7-F6D398680628", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3EC465AB-5CA6-4C97-8544-59D3236A7123", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC811824-EA8F-49F6-B732-10731A1BC0EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AFF29DC-46BA-4505-A921-42C783BC4C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "085A80B3-B880-428D-AF1D-BED61C31E304", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46036494-F97D-4C02-A630-102D9E7DE2CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A2C208B6-E86A-4F73-B078-BA47BA1B162D", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "331EDEB7-D823-43C6-9D8B-E872F921A328", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8D44A5F-C7BD-4CC2-9065-179FA92301C9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure." }, { "lang": "es", "value": "Apache OpenMeetings versi\u00f3n 1.0.0, muestra la versi\u00f3n y el seguimiento detallado de la pila de errores de Tomcat, que no es seguro." 
} ], "id": "CVE-2017-7683", "lastModified": "2024-11-21T03:32:27.440", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T13:18:29.937", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/hint6fp66lijqdvu" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/hint6fp66lijqdvu" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Severity ?
Summary
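Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows Flash content to be loaded from untrusted domains. The impacted-products list for this record marks releases from 1.0.0 through 3.2.1 as vulnerable, so the issue is not limited to 1.0.0.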
References
Source | URL | Tags | |
---|---|---|---|
security@apache.org | http://markmail.org/message/whhibri7ervbjvda | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://markmail.org/message/whhibri7ervbjvda | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | 1.0.0 | |
apache | openmeetings | 2.0 | |
apache | openmeetings | 2.1 | |
apache | openmeetings | 2.1.1 | |
apache | openmeetings | 2.2.0 | |
apache | openmeetings | 3.0.0 | |
apache | openmeetings | 3.0.1 | |
apache | openmeetings | 3.0.2 | |
apache | openmeetings | 3.0.3 | |
apache | openmeetings | 3.0.4 | |
apache | openmeetings | 3.0.5 | |
apache | openmeetings | 3.0.6 | |
apache | openmeetings | 3.0.7 | |
apache | openmeetings | 3.1.0 | |
apache | openmeetings | 3.1.1 | |
apache | openmeetings | 3.1.2 | |
apache | openmeetings | 3.1.3 | |
apache | openmeetings | 3.1.4 | |
apache | openmeetings | 3.1.5 | |
apache | openmeetings | 3.2.0 | |
apache | openmeetings | 3.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72B6167B-E822-4146-87F2-E2769DC85F99", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CDA54EE-9AE1-4551-8C24-D2077515029C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB137AFF-1BB8-4FFC-9247-376718AAFEB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E44AAC6C-13E1-423B-BB4C-4C92B763DE34", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "268D5F6C-F1E8-400B-8D79-A79A9481DFDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "94BB2711-23CA-4FA5-8868-664A839F7EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "96D13854-BD10-4404-89A7-F6D398680628", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3EC465AB-5CA6-4C97-8544-59D3236A7123", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC811824-EA8F-49F6-B732-10731A1BC0EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AFF29DC-46BA-4505-A921-42C783BC4C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "085A80B3-B880-428D-AF1D-BED61C31E304", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46036494-F97D-4C02-A630-102D9E7DE2CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A2C208B6-E86A-4F73-B078-BA47BA1B162D", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "331EDEB7-D823-43C6-9D8B-E872F921A328", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8D44A5F-C7BD-4CC2-9065-179FA92301C9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains." }, { "lang": "es", "value": "Apache OpenMeetings versi\u00f3n 1.0.0.0, tiene un archivo crossdomain.xml demasiado permisivo. Esto permite que el contenido flash sea cargado desde dominios no confiables." 
} ], "id": "CVE-2017-7680", "lastModified": "2024-11-21T03:32:27.093", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T13:18:29.843", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/whhibri7ervbjvda" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/whhibri7ervbjvda" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Severity ?
Summary
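Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH. The impacted-products list for this record marks releases from 1.0.0 through 3.2.1 as vulnerable, so the issue is not limited to 1.0.0.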
References
Source | URL | Tags | |
---|---|---|---|
security@apache.org | http://markmail.org/message/uxk4bpq35svnyjhb | Third Party Advisory | |
security@apache.org | http://www.securityfocus.com/bid/99592 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://markmail.org/message/uxk4bpq35svnyjhb | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99592 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | 1.0.0 | |
apache | openmeetings | 2.0 | |
apache | openmeetings | 2.1 | |
apache | openmeetings | 2.1.1 | |
apache | openmeetings | 2.2.0 | |
apache | openmeetings | 3.0.0 | |
apache | openmeetings | 3.0.1 | |
apache | openmeetings | 3.0.2 | |
apache | openmeetings | 3.0.3 | |
apache | openmeetings | 3.0.4 | |
apache | openmeetings | 3.0.5 | |
apache | openmeetings | 3.0.6 | |
apache | openmeetings | 3.0.7 | |
apache | openmeetings | 3.1.0 | |
apache | openmeetings | 3.1.1 | |
apache | openmeetings | 3.1.2 | |
apache | openmeetings | 3.1.3 | |
apache | openmeetings | 3.1.4 | |
apache | openmeetings | 3.1.5 | |
apache | openmeetings | 3.2.0 | |
apache | openmeetings | 3.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72B6167B-E822-4146-87F2-E2769DC85F99", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CDA54EE-9AE1-4551-8C24-D2077515029C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB137AFF-1BB8-4FFC-9247-376718AAFEB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E44AAC6C-13E1-423B-BB4C-4C92B763DE34", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "268D5F6C-F1E8-400B-8D79-A79A9481DFDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "94BB2711-23CA-4FA5-8868-664A839F7EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "96D13854-BD10-4404-89A7-F6D398680628", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3EC465AB-5CA6-4C97-8544-59D3236A7123", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC811824-EA8F-49F6-B732-10731A1BC0EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AFF29DC-46BA-4505-A921-42C783BC4C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "085A80B3-B880-428D-AF1D-BED61C31E304", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46036494-F97D-4C02-A630-102D9E7DE2CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A2C208B6-E86A-4F73-B078-BA47BA1B162D", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "331EDEB7-D823-43C6-9D8B-E872F921A328", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8D44A5F-C7BD-4CC2-9065-179FA92301C9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH." }, { "lang": "es", "value": "Apache OpenMeetings versi\u00f3n 1.0.0, responde a los siguientes m\u00e9todos HTTP no seguros: PUT, DELETE, HEAD y PATCH." 
} ], "id": "CVE-2017-7685", "lastModified": "2024-11-21T03:32:27.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T13:18:30.017", "references": [ { "source": "security@apache.org", "tags": [ "Third Party Advisory" ], "url": "http://markmail.org/message/uxk4bpq35svnyjhb" }, { "source": "security@apache.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99592" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://markmail.org/message/uxk4bpq35svnyjhb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99592" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-05-12 08:15
Modified
2024-11-21 07:56
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An attacker who has gained access to an admin account can perform remote code execution (RCE) via null-byte injection.
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF56B25D-1963-404C-A110-17CF21EAC47F", "versionEndExcluding": "7.1.0", "versionStartIncluding": "2.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An attacker who has gained access to an admin account can perform RCE via null-byte injection\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0" } ], "id": "CVE-2023-29246", "lastModified": "2024-11-21T07:56:45.373", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-05-12T08:15:08.997", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List" ], "url": "https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr" } ], "sourceIdentifier": 
"security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "security@apache.org", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Severity ?
Summary
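Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. The impacted-products list for this record marks releases from 1.0.0 through 3.2.1 as vulnerable, so the issue is not limited to 1.0.0.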
References
Source | URL | Tags | |
---|---|---|---|
security@apache.org | http://markmail.org/message/j774dp5ro5xmkmg6 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://markmail.org/message/j774dp5ro5xmkmg6 | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | 1.0.0 | |
apache | openmeetings | 2.0 | |
apache | openmeetings | 2.1 | |
apache | openmeetings | 2.1.1 | |
apache | openmeetings | 2.2.0 | |
apache | openmeetings | 3.0.0 | |
apache | openmeetings | 3.0.1 | |
apache | openmeetings | 3.0.2 | |
apache | openmeetings | 3.0.3 | |
apache | openmeetings | 3.0.4 | |
apache | openmeetings | 3.0.5 | |
apache | openmeetings | 3.0.6 | |
apache | openmeetings | 3.0.7 | |
apache | openmeetings | 3.1.0 | |
apache | openmeetings | 3.1.1 | |
apache | openmeetings | 3.1.2 | |
apache | openmeetings | 3.1.3 | |
apache | openmeetings | 3.1.4 | |
apache | openmeetings | 3.1.5 | |
apache | openmeetings | 3.2.0 | |
apache | openmeetings | 3.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72B6167B-E822-4146-87F2-E2769DC85F99", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CDA54EE-9AE1-4551-8C24-D2077515029C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB137AFF-1BB8-4FFC-9247-376718AAFEB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E44AAC6C-13E1-423B-BB4C-4C92B763DE34", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "268D5F6C-F1E8-400B-8D79-A79A9481DFDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "94BB2711-23CA-4FA5-8868-664A839F7EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "96D13854-BD10-4404-89A7-F6D398680628", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3EC465AB-5CA6-4C97-8544-59D3236A7123", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC811824-EA8F-49F6-B732-10731A1BC0EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AFF29DC-46BA-4505-A921-42C783BC4C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "085A80B3-B880-428D-AF1D-BED61C31E304", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46036494-F97D-4C02-A630-102D9E7DE2CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A2C208B6-E86A-4F73-B078-BA47BA1B162D", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "331EDEB7-D823-43C6-9D8B-E872F921A328", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8D44A5F-C7BD-4CC2-9065-179FA92301C9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end." }, { "lang": "es", "value": "Apache OpenMeetings versi\u00f3n 1.0.0.0, es vulnerable a la inyecci\u00f3n SQL. Esto permite a usuarios identificados modificar la estructura de la consulta existente y filtrar la estructura de otras consultas que est\u00e1n siendo realizadas por la aplicaci\u00f3n en el back-end." 
} ], "id": "CVE-2017-7681", "lastModified": "2024-11-21T03:32:27.213", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T13:18:29.877", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/j774dp5ro5xmkmg6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/j774dp5ro5xmkmg6" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Severity ?
Summary
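Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME-based attacks. Note that the impacted-products list below marks every listed version from 1.0.0 through 3.2.1 as vulnerable, not only 1.0.0.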
References
▼ | URL | Tags | |
---|---|---|---|
security@apache.org | http://markmail.org/message/fkesu4e5hhz5xdbg | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://markmail.org/message/fkesu4e5hhz5xdbg | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | 1.0.0 | |
apache | openmeetings | 2.0 | |
apache | openmeetings | 2.1 | |
apache | openmeetings | 2.1.1 | |
apache | openmeetings | 2.2.0 | |
apache | openmeetings | 3.0.0 | |
apache | openmeetings | 3.0.1 | |
apache | openmeetings | 3.0.2 | |
apache | openmeetings | 3.0.3 | |
apache | openmeetings | 3.0.4 | |
apache | openmeetings | 3.0.5 | |
apache | openmeetings | 3.0.6 | |
apache | openmeetings | 3.0.7 | |
apache | openmeetings | 3.1.0 | |
apache | openmeetings | 3.1.1 | |
apache | openmeetings | 3.1.2 | |
apache | openmeetings | 3.1.3 | |
apache | openmeetings | 3.1.4 | |
apache | openmeetings | 3.1.5 | |
apache | openmeetings | 3.2.0 | |
apache | openmeetings | 3.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "72B6167B-E822-4146-87F2-E2769DC85F99", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "8CDA54EE-9AE1-4551-8C24-D2077515029C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB137AFF-1BB8-4FFC-9247-376718AAFEB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "E44AAC6C-13E1-423B-BB4C-4C92B763DE34", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "268D5F6C-F1E8-400B-8D79-A79A9481DFDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "94BB2711-23CA-4FA5-8868-664A839F7EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "96D13854-BD10-4404-89A7-F6D398680628", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "3EC465AB-5CA6-4C97-8544-59D3236A7123", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DC811824-EA8F-49F6-B732-10731A1BC0EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "8AFF29DC-46BA-4505-A921-42C783BC4C8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "085A80B3-B880-428D-AF1D-BED61C31E304", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46036494-F97D-4C02-A630-102D9E7DE2CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "A2C208B6-E86A-4F73-B078-BA47BA1B162D", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "331EDEB7-D823-43C6-9D8B-E872F921A328", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8D44A5F-C7BD-4CC2-9065-179FA92301C9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks." }, { "lang": "es", "value": "Apache OpenMeetings versi\u00f3n 1.0.0, es vulnerable a ataques de tipo Cross-Site Request Forgery (CSRF), ataques de tipo cross-site scripting (XSS), secuestro de cliqueo y ataques basados en MIME." 
} ], "id": "CVE-2017-7666", "lastModified": "2024-11-21T03:32:25.053", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T13:18:29.737", "references": [ { "source": "security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/fkesu4e5hhz5xdbg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/fkesu4e5hhz5xdbg" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" }, { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-03-15 09:15
Modified
2024-11-21 05:58
Severity ?
Summary
It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "85E51375-48F0-49C6-99C4-1F82C57BCA7B", "versionEndExcluding": "6.0.0", "versionStartIncluding": "4.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0" }, { "lang": "es", "value": "Si se encontr\u00f3 que el servicio web NetTest, puede ser usado para sobrecargar el ancho de banda de un servidor Apache OpenMeetings.\u0026#xa0;Este problema se solucion\u00f3 en Apache OpenMeetings versi\u00f3n 6.0.0" } ], "id": "CVE-2021-27576", "lastModified": "2024-11-21T05:58:13.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-03-15T09:15:12.047", "references": [ { "source": 
"security@apache.org", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r9bb615bd70a0197368f5f3ffc887162686caeb0b5fc30592a7a871e9%40%3Cuser.openmeetings.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread.html/r9bb615bd70a0197368f5f3ffc887162686caeb0b5fc30592a7a871e9%40%3Cuser.openmeetings.apache.org%3E" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Severity ?
Summary
Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks; as a result, an attacker can gain access to restricted areas.
References
▼ | URL | Tags | |
---|---|---|---|
security@apache.org | http://markmail.org/message/dbrbvf5k343ulivf | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://markmail.org/message/dbrbvf5k343ulivf | Mailing List, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | 3.2.0 | |
apache | openmeetings | 3.2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "331EDEB7-D823-43C6-9D8B-E872F921A328", "vulnerable": true }, { "criteria": "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B8D44A5F-C7BD-4CC2-9065-179FA92301C9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas." }, { "lang": "es", "value": "OpenMeetings versi\u00f3n 3.2.0 de Apache, es vulnerable a ataques de manipulaci\u00f3n de par\u00e1metros, como resultado el atacante tiene acceso a \u00e1reas restringidas." } ], "id": "CVE-2017-7682", "lastModified": "2024-11-21T03:32:27.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-17T13:18:29.907", "references": [ { "source": 
"security@apache.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/dbrbvf5k343ulivf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://markmail.org/message/dbrbvf5k343ulivf" } ], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2016-0784
Vulnerability from cvelistv5
Published
2016-04-11 14:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.
References
▼ | URL | Tags |
---|---|---|
http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code | x_refsource_MISC | |
https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG | x_refsource_CONFIRM | |
https://www.exploit-db.com/exploits/39642/ | exploit, x_refsource_EXPLOIT-DB | |
http://www.openwall.com/lists/oss-security/2016/03/25/2 | mailing-list, x_refsource_MLIST | |
http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.html | x_refsource_MISC | |
http://openmeetings.apache.org/security.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/537929/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:04.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "name": "39642", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/39642/" }, { "name": "[oss-security] 20160325 [CVE-2016-0784] ZIP file path traversal", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/03/25/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openmeetings.apache.org/security.html" }, { "name": "20160330 [CVE-2016-0784] Apache OpenMeetings ZIP file path traversal", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/537929/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "name": "39642", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/39642/" }, { "name": "[oss-security] 20160325 [CVE-2016-0784] ZIP file path traversal", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/03/25/2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openmeetings.apache.org/security.html" }, { "name": "20160330 [CVE-2016-0784] Apache OpenMeetings ZIP file path traversal", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/537929/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-0784", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code", "refsource": "MISC", "url": "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code" }, { "name": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG", "refsource": "CONFIRM", "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "name": "39642", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/39642/" }, { "name": "[oss-security] 20160325 [CVE-2016-0784] ZIP file path traversal", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/03/25/2" }, { "name": "http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.html" }, { "name": "http://openmeetings.apache.org/security.html", "refsource": "CONFIRM", "url": "http://openmeetings.apache.org/security.html" }, { "name": "20160330 [CVE-2016-0784] Apache OpenMeetings ZIP file path traversal", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/537929/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-0784", "datePublished": "2016-04-11T14:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-05T22:30:04.354Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28936
Vulnerability from cvelistv5
Published
2023-05-12 07:45
Modified
2024-10-10 20:30
Severity ?
EPSS score ?
Summary
Attacker can access arbitrary recording/room
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/y6vng44c22ll221rtvsv208x1pbjmdoc | vendor-advisory |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 2.0.0 ≤ version < 7.1.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T13:51:39.125Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/y6vng44c22ll221rtvsv208x1pbjmdoc" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "openmeetings", "vendor": "apache", "versions": [ { "lessThan": "7.1.0", "status": "affected", "version": "2.0.0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-28936", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T20:26:04.896745Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T20:30:03.380Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "7.1.0", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Stefan Schiller" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Attacker can access arbitrary recording/room\u003cbr\u003e\u003cbr\u003eVendor: The Apache Software 
Foundation\u003cbr\u003e\u003cbr\u003eVersions\u0026nbsp;Affected: Apache OpenMeetings from 2.0.0 before 7.1.0\u003cbr\u003e" } ], "value": "Attacker can access arbitrary recording/room\n\nVendor: The Apache Software Foundation\n\nVersions\u00a0Affected: Apache OpenMeetings from 2.0.0 before 7.1.0\n" } ], "metrics": [ { "other": { "content": { "text": "critical" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-697", "description": "CWE-697 Incorrect Comparison", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-12T07:45:04.835Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/y6vng44c22ll221rtvsv208x1pbjmdoc" } ], "source": { "defect": [ "OPENMEETINGS-2762" ], "discovery": "EXTERNAL" }, "title": "Apache OpenMeetings: insufficient check of invitation hash", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-28936", "datePublished": "2023-05-12T07:45:04.835Z", "dateReserved": "2023-03-28T15:43:06.369Z", "dateUpdated": "2024-10-10T20:30:03.380Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29032
Vulnerability from cvelistv5
Published
2023-05-12 07:43
Modified
2024-10-10 19:48
Severity ?
EPSS score ?
Summary
An attacker who has gained access to certain private information can use this to act as another user.
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp | vendor-advisory |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 3.1.3 ≤ version < 7.1.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:14.627Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "openmeetings", "vendor": "apache", "versions": [ { "lessThan": "7.1.0", "status": "affected", "version": "3.1.3", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-29032", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T19:44:48.609636Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T19:48:37.089Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "7.1.0", "status": "affected", "version": "3.1.3", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Stefan Schiller" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker that has gained access to certain private information 
can use this to act as other user.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003eVendor: The Apache Software Foundation\u003cbr\u003e\u003cbr\u003eVersions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0" } ], "value": "An attacker that has gained access to certain private information can use this to act as other user.\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0" } ], "metrics": [ { "other": { "content": { "text": "important" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-12T07:43:30.483Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp" } ], "source": { "defect": [ "OPENMEETINGS-2764" ], "discovery": "EXTERNAL" }, "title": "Apache OpenMeetings: allows bypass authentication", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-29032", "datePublished": "2023-05-12T07:43:30.483Z", "dateReserved": "2023-03-30T04:39:06.692Z", "dateUpdated": "2024-10-10T19:48:37.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-8736
Vulnerability from cvelistv5
Published
2017-10-12 18:00
Modified
2024-08-06 02:27
Severity ?
EPSS score ?
Summary
Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.
References
▼ | URL | Tags |
---|---|---|
http://openmeetings.markmail.org/thread/tr47byaaopnemvne | x_refsource_MISC | |
http://www.securityfocus.com/bid/94145 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
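Version: before 3.1.12 (as recorded in the CNA data; the summary above gives the fixed version as 3.1.2, so confirm the boundary against the vendor advisory before relying on it) |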
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T02:27:41.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://openmeetings.markmail.org/thread/tr47byaaopnemvne" }, { "name": "94145", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/94145" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "before 3.1.12" } ] } ], "datePublic": "2016-07-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-02-20T19:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://openmeetings.markmail.org/thread/tr47byaaopnemvne" }, { "name": "94145", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/94145" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2016-8736", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache OpenMeetings", "version": { "version_data": [ { "version_value": "before 3.1.12" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://openmeetings.markmail.org/thread/tr47byaaopnemvne", "refsource": "MISC", "url": "http://openmeetings.markmail.org/thread/tr47byaaopnemvne" }, { "name": "94145", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94145" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2016-8736", "datePublished": "2017-10-12T18:00:00", "dateReserved": "2016-10-18T00:00:00", "dateUpdated": "2024-08-06T02:27:41.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7663
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-17 03:08
Severity ?
EPSS score ?
Summary
Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/99577 | vdb-entry, x_refsource_BID | |
http://markmail.org/message/aka2z2dq7icfw2p2 | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 3.2.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:27.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99577", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99577" }, { "name": "[user] 20170713 CVE-2017-7663 - Apache OpenMeetings - XSS in chat", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://markmail.org/message/aka2z2dq7icfw2p2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "3.2.0" } ] } ], "datePublic": "2017-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0." } ], "problemTypes": [ { "descriptions": [ { "description": "XSS", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-15T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "99577", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99577" }, { "name": "[user] 20170713 CVE-2017-7663 - Apache OpenMeetings - XSS in chat", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://markmail.org/message/aka2z2dq7icfw2p2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-07-13T00:00:00", "ID": "CVE-2017-7663", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache OpenMeetings", "version": { "version_data": [ { "version_value": "3.2.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Both global and Room chat 
are vulnerable to XSS attack in Apache OpenMeetings 3.2.0." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "XSS" } ] } ] }, "references": { "reference_data": [ { "name": "99577", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99577" }, { "name": "[user] 20170713 CVE-2017-7663 - Apache OpenMeetings - XSS in chat", "refsource": "MLIST", "url": "http://markmail.org/message/aka2z2dq7icfw2p2" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-7663", "datePublished": "2017-07-14T15:00:00Z", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-09-17T03:08:15.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-54676
Vulnerability from cvelistv5
Published
2025-01-08 08:40
Modified
2025-01-08 14:00
Severity ?
EPSS score ?
Summary
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0
Description: The default clustering instructions at https://openmeetings.apache.org/Clustering.html don't specify white/black lists for OpenJPA; this leads to possible deserialisation of untrusted data.
Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95 | vendor-advisory |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 2.1 ≤ version < 8.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-01-08T09:02:51.250Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2025/01/08/1" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-54676", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-08T14:00:24.422606Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-01-08T14:00:52.923Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "8.0.0", "status": "affected", "version": "2.1", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "m0d9 from Tencent Yunding Lab" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eVendor: The Apache Software Foundation\u003c/p\u003e\u003cp\u003eVersions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0\u003c/p\u003eDescription: Default clustering instructions at \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://openmeetings.apache.org/Clustering.html\"\u003ehttps://openmeetings.apache.org/Clustering.html\u003c/a\u003e\u0026nbsp;doesn\u0027t specify white/black lists for OpenJPA this 
leads to possible \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edeserialisation of untrusted data\u003c/span\u003e.\u003cbr\u003eUsers are recommended to upgrade to version 8.0.0 and \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eupdate their startup scripts to include the relevant \u003c/span\u003e\u003ccode\u003e\u0027openjpa.serialization.class.blacklist\u0027 and \u0027openjpa.serialization.class.whitelist\u0027 configurations as shown in the documentation\u003c/code\u003e." } ], "value": "Vendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0\n\nDescription: Default clustering instructions at https://openmeetings.apache.org/Clustering.html \u00a0doesn\u0027t specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data.\nUsers are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant \u0027openjpa.serialization.class.blacklist\u0027 and \u0027openjpa.serialization.class.whitelist\u0027 configurations as shown in the documentation." 
} ], "metrics": [ { "other": { "content": { "text": "important" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-08T08:40:03.705Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95" } ], "source": { "defect": [ "OPENMEETINGS-2787" ], "discovery": "EXTERNAL" }, "title": "Apache OpenMeetings: Deserialisation of untrusted data in cluster mode", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2024-54676", "datePublished": "2025-01-08T08:40:03.705Z", "dateReserved": "2024-12-05T04:43:41.354Z", "dateUpdated": "2025-01-08T14:00:52.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7666
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
References
▼ | URL | Tags |
---|---|---|
http://markmail.org/message/fkesu4e5hhz5xdbg | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 1.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:27.831Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[user] 20170713 CVE-2017-7666 - Apache OpenMeetings Missing Secure Headers", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://markmail.org/message/fkesu4e5hhz5xdbg" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "1.0.0" } ] } ], "datePublic": "2017-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks." } ], "problemTypes": [ { "descriptions": [ { "description": "CSRF", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T14:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "[user] 20170713 CVE-2017-7666 - Apache OpenMeetings Missing Secure Headers", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://markmail.org/message/fkesu4e5hhz5xdbg" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-07-13T00:00:00", "ID": "CVE-2017-7666", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache OpenMeetings", "version": { "version_data": [ { "version_value": "1.0.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CSRF" } ] } ] }, "references": { "reference_data": [ { "name": "[user] 20170713 CVE-2017-7666 - Apache OpenMeetings Missing Secure Headers", "refsource": "MLIST", "url": "http://markmail.org/message/fkesu4e5hhz5xdbg" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-7666", "datePublished": "2017-07-14T15:00:00Z", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-09-16T18:39:41.477Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-1286
Vulnerability from cvelistv5
Published
2018-02-28 18:00
Modified
2024-09-16 18:07
Severity ?
EPSS score ?
Summary
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected, allowing an authenticated attacker to deny service for privileged users.
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8%40%3Cuser.openmeetings.apache.org%3E | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 3.0.0 - 4.0.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:37.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[user] 20180225 [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8%40%3Cuser.openmeetings.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "3.0.0 - 4.0.1" } ] } ], "datePublic": "2018-02-25T00:00:00", "descriptions": [ { "lang": "en", "value": "In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users." } ], "problemTypes": [ { "descriptions": [ { "description": "Insufficient Access Controls", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-02-28T17:57:02", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "[user] 20180225 [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8%40%3Cuser.openmeetings.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-02-25T00:00:00", "ID": "CVE-2018-1286", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache OpenMeetings", "version": { "version_data": [ { "version_value": "3.0.0 - 4.0.1" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insufficient Access Controls" } ] } ] }, "references": { "reference_data": [ { "name": "[user] 20180225 [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8@%3Cuser.openmeetings.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-1286", "datePublished": "2018-02-28T18:00:00Z", "dateReserved": "2017-12-07T00:00:00", "dateUpdated": "2024-09-16T18:07:50.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29246
Vulnerability from cvelistv5
Published
2023-05-12 07:43
Modified
2024-10-10 19:35
Severity ?
EPSS score ?
Summary
An attacker who has gained access to an admin account can perform RCE via null-byte injection
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr | vendor-advisory |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 2.0.0 ≤ version < 7.1.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:16.063Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "openmeetings", "vendor": "apache", "versions": [ { "lessThan": "7.1.0", "status": "affected", "version": "2.0.0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-29246", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-10T19:34:24.542931Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-10T19:35:57.172Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "7.1.0", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Stefan Schiller" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn attacker who has gained access to an admin account can perform RCE 
via null-byte injection\u003c/span\u003e\u003cbr\u003e\u003cbr\u003eVendor: The Apache Software Foundation\u003cbr\u003e\u003cbr\u003eVersions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0" } ], "value": "An attacker who has gained access to an admin account can perform RCE via null-byte injection\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0" } ], "metrics": [ { "other": { "content": { "text": "important" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-12T07:43:20.422Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr" } ], "source": { "defect": [ "OPENMEETINGS-2765" ], "discovery": "EXTERNAL" }, "title": "Apache OpenMeetings: allows null-byte Injection", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-29246", "datePublished": "2023-05-12T07:43:20.422Z", "dateReserved": "2023-04-04T15:31:03.257Z", "dateUpdated": "2024-10-10T19:35:57.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-0783
Vulnerability from cvelistv5
Published
2016-04-11 14:00
Modified
2024-08-05 22:30
Severity ?
EPSS score ?
Summary
The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.
References
▼ | URL | Tags |
---|---|---|
http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code | x_refsource_MISC | |
http://packetstormsecurity.com/files/136432/Apache-OpenMeetings-3.1.0-MD5-Hashing.html | x_refsource_MISC | |
https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/537886/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://openmeetings.apache.org/security.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:30:04.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/136432/Apache-OpenMeetings-3.1.0-MD5-Hashing.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "name": "20160325 [CVE-2016-0783] Predictable password reset token", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/537886/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openmeetings.apache.org/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/136432/Apache-OpenMeetings-3.1.0-MD5-Hashing.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "name": "20160325 [CVE-2016-0783] Predictable password reset token", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/537886/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openmeetings.apache.org/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-0783", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code", "refsource": "MISC", "url": "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code" }, { "name": "http://packetstormsecurity.com/files/136432/Apache-OpenMeetings-3.1.0-MD5-Hashing.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/136432/Apache-OpenMeetings-3.1.0-MD5-Hashing.html" }, { "name": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG", "refsource": "CONFIRM", "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "name": "20160325 [CVE-2016-0783] Predictable password reset token", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/537886/100/0/threaded" }, { "name": "http://openmeetings.apache.org/security.html", "refsource": "CONFIRM", "url": "http://openmeetings.apache.org/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-0783", "datePublished": "2016-04-11T14:00:00", "dateReserved": "2015-12-16T00:00:00", "dateUpdated": "2024-08-05T22:30:04.152Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7673
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-08-05 16:12
Severity ?
EPSS score ?
Summary
Apache OpenMeetings 1.0.0 uses cryptographic storage that is not very strong, captcha is not used in the registration and forgot-password dialogs, and auth forms are missing brute-force protection.
References
▼ | URL | Tags |
---|---|---|
http://markmail.org/message/3hshl26omwjo6c5i | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/99587 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 1.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:27.911Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[user] 20170713 CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://markmail.org/message/3hshl26omwjo6c5i" }, { "name": "99587", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99587" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "1.0.0" } ] } ], "datePublic": "2017-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-15T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "[user] 20170713 CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://markmail.org/message/3hshl26omwjo6c5i" }, { "name": "99587", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99587" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2017-7673", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache OpenMeetings", "version": { "version_data": [ { "version_value": "1.0.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[user] 20170713 CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords", "refsource": "MLIST", "url": "http://markmail.org/message/3hshl26omwjo6c5i" }, { "name": "99587", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99587" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-7673", "datePublished": "2017-07-14T15:00:00", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-08-05T16:12:27.911Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2163
Vulnerability from cvelistv5
Published
2016-04-11 14:00
Modified
2024-08-05 23:17
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.
References
▼ | URL | Tags |
---|---|---|
https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG | x_refsource_CONFIRM | |
http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html | x_refsource_MISC | |
http://openmeetings.apache.org/security.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/537888/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:17:50.603Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openmeetings.apache.org/security.html" }, { "name": "20160325 [CVE-2016-2163] Stored Cross Site Scripting in Event description", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/537888/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openmeetings.apache.org/security.html" }, { "name": "20160325 [CVE-2016-2163] Stored Cross Site Scripting in Event description", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/537888/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-2163", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG", "refsource": "CONFIRM", "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "name": "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html" }, { "name": "http://openmeetings.apache.org/security.html", "refsource": "CONFIRM", "url": "http://openmeetings.apache.org/security.html" }, { "name": "20160325 [CVE-2016-2163] Stored Cross Site Scripting in Event description", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/537888/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-2163", "datePublished": "2016-04-11T14:00:00", "dateReserved": "2016-01-29T00:00:00", "dateUpdated": "2024-08-05T23:17:50.603Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-3089
Vulnerability from cvelistv5
Published
2016-08-19 21:00
Modified
2024-08-05 23:40
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/92442 | vdb-entry, x_refsource_BID | |
http://openmeetings.apache.org/security.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/539192/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:40:15.634Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html" }, { "name": "92442", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92442" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openmeetings.apache.org/security.html" }, { "name": "20160812 [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/539192/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-08-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html" }, { "name": "92442", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92442" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openmeetings.apache.org/security.html" }, { "name": "20160812 [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/539192/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-3089", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html" }, { "name": "92442", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92442" }, { "name": "http://openmeetings.apache.org/security.html", "refsource": "CONFIRM", "url": "http://openmeetings.apache.org/security.html" }, { "name": "20160812 [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/539192/100/0/threaded" }, { "name": "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG", "refsource": "CONFIRM", "url": "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-3089", "datePublished": "2016-08-19T21:00:00", "dateReserved": "2016-03-10T00:00:00", "dateUpdated": "2024-08-05T23:40:15.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7680
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-16 19:09
Severity ?
EPSS score ?
Summary
Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows Flash content to be loaded from untrusted domains.
References
▼ | URL | Tags |
---|---|---|
http://markmail.org/message/whhibri7ervbjvda | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 1.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:27.837Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[user] 20170713 CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://markmail.org/message/whhibri7ervbjvda" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "1.0.0" } ] } ], "datePublic": "2017-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains." } ], "problemTypes": [ { "descriptions": [ { "description": "Insecure crossdomain.xml policy", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T14:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "[user] 20170713 CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://markmail.org/message/whhibri7ervbjvda" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-07-13T00:00:00", "ID": "CVE-2017-7680", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache OpenMeetings", "version": { "version_data": [ { "version_value": "1.0.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insecure crossdomain.xml policy" } ] } ] }, "references": { "reference_data": [ { "name": "[user] 20170713 CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy", "refsource": "MLIST", "url": "http://markmail.org/message/whhibri7ervbjvda" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-7680", "datePublished": "2017-07-14T15:00:00Z", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-09-16T19:09:47.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7664
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-16 23:36
Severity ?
EPSS score ?
Summary
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/99576 | vdb-entry, x_refsource_BID | |
http://markmail.org/message/cwr552iapmhukb45 | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 3.1.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:28.233Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99576", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99576" }, { "name": "[user] 20170713 CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://markmail.org/message/cwr552iapmhukb45" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "3.1.0" } ] } ], "datePublic": "2017-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0." } ], "problemTypes": [ { "descriptions": [ { "description": "XML Validation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-15T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "99576", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99576" }, { "name": "[user] 20170713 CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://markmail.org/message/cwr552iapmhukb45" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-07-13T00:00:00", "ID": "CVE-2017-7664", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache OpenMeetings", "version": { "version_data": [ { "version_value": "3.1.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "XML Validation" } ] } ] }, "references": { "reference_data": [ { "name": "99576", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99576" }, { "name": "[user] 20170713 CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation", "refsource": "MLIST", "url": "http://markmail.org/message/cwr552iapmhukb45" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-7664", "datePublished": "2017-07-14T15:00:00Z", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-09-16T23:36:16.238Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-27576
Vulnerability from cvelistv5
Published
2021-03-15 09:05
Modified
2025-02-13 16:27
Severity ?
EPSS score ?
Summary
It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 4.0.0 < Apache OpenMeetings 4* Version: Apache OpenMeetings 5 <= 5.1.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T21:26:09.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9bb615bd70a0197368f5f3ffc887162686caeb0b5fc30592a7a871e9%40%3Cuser.openmeetings.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "Apache OpenMeetings 4*", "status": "affected", "version": "4.0.0", "versionType": "custom" }, { "lessThanOrEqual": "5.1.0", "status": "affected", "version": "Apache OpenMeetings 5", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "This issue was identified by Trung Le, Chi Tran, Linh Cua" } ], "descriptions": [ { "lang": "en", "value": "If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. 
This issue was addressed in Apache OpenMeetings 6.0.0" } ], "problemTypes": [ { "descriptions": [ { "description": "Server bandwidth overload", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-03T21:27:40.000Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/r9bb615bd70a0197368f5f3ffc887162686caeb0b5fc30592a7a871e9%40%3Cuser.openmeetings.apache.org%3E" } ], "source": { "discovery": "UNKNOWN" }, "title": "Apache OpenMeetings: bandwidth can be overloaded with public web service", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2021-27576", "STATE": "PUBLIC", "TITLE": "Apache OpenMeetings: bandwidth can be overloaded with public web service" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache OpenMeetings", "version": { "version_data": [ { "version_affected": "\u003e=", "version_name": "Apache OpenMeetings 4", "version_value": "4.0.0" }, { "version_affected": "\u003c=", "version_name": "Apache OpenMeetings 5", "version_value": "5.1.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credit": [ { "lang": "eng", "value": "This issue was identified by Trung Le, Chi Tran, Linh Cua" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. 
This issue was addressed in Apache OpenMeetings 6.0.0" } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Server bandwidth overload" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread.html/r9bb615bd70a0197368f5f3ffc887162686caeb0b5fc30592a7a871e9%40%3Cuser.openmeetings.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r9bb615bd70a0197368f5f3ffc887162686caeb0b5fc30592a7a871e9%40%3Cuser.openmeetings.apache.org%3E" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-27576", "datePublished": "2021-03-15T09:05:17.000Z", "dateReserved": "2021-02-23T00:00:00.000Z", "dateUpdated": "2025-02-13T16:27:56.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7681
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.
References
▼ | URL | Tags |
---|---|---|
http://markmail.org/message/j774dp5ro5xmkmg6 | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 1.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:27.928Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[user] 20170713 CVE-2017-7681 - Apache OpenMeetings - SQL injection in web services", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://markmail.org/message/j774dp5ro5xmkmg6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "1.0.0" } ] } ], "datePublic": "2017-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end." } ], "problemTypes": [ { "descriptions": [ { "description": "SQL injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T14:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "[user] 20170713 CVE-2017-7681 - Apache OpenMeetings - SQL injection in web services", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://markmail.org/message/j774dp5ro5xmkmg6" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-07-13T00:00:00", "ID": "CVE-2017-7681", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache OpenMeetings", "version": { "version_data": [ { "version_value": "1.0.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. 
This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "SQL injection" } ] } ] }, "references": { "reference_data": [ { "name": "[user] 20170713 CVE-2017-7681 - Apache OpenMeetings - SQL injection in web services", "refsource": "MLIST", "url": "http://markmail.org/message/j774dp5ro5xmkmg6" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-7681", "datePublished": "2017-07-14T15:00:00Z", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-09-16T18:39:15.972Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7683
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-16 18:33
Severity ?
EPSS score ?
Summary
Apache OpenMeetings 1.0.0 displays the Tomcat version and a detailed error stack trace, which is an information disclosure.
References
▼ | URL | Tags |
---|---|---|
http://markmail.org/message/hint6fp66lijqdvu | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 1.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:27.821Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[user] 20170713 CVE-2017-7683 - Apache OpenMeetings - Information Disclosure", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://markmail.org/message/hint6fp66lijqdvu" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "1.0.0" } ] } ], "datePublic": "2017-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T14:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "[user] 20170713 CVE-2017-7683 - Apache OpenMeetings - Information Disclosure", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://markmail.org/message/hint6fp66lijqdvu" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-07-13T00:00:00", "ID": "CVE-2017-7683", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache OpenMeetings", "version": { "version_data": [ { "version_value": "1.0.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "[user] 20170713 CVE-2017-7683 - Apache OpenMeetings - Information Disclosure", "refsource": "MLIST", "url": "http://markmail.org/message/hint6fp66lijqdvu" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-7683", "datePublished": "2017-07-14T15:00:00Z", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-09-16T18:33:49.648Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7682
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-16 22:09
Severity ?
EPSS score ?
Summary
Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks; as a result, an attacker can access restricted areas.
References
▼ | URL | Tags |
---|---|---|
http://markmail.org/message/dbrbvf5k343ulivf | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 3.2.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:27.934Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[user] 20170713 CVE-2017-7682 - Apache OpenMeetings - Business Logic Bypass", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://markmail.org/message/dbrbvf5k343ulivf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "3.2.0" } ] } ], "datePublic": "2017-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas." } ], "problemTypes": [ { "descriptions": [ { "description": "Business Logic Bypass", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-14T14:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "[user] 20170713 CVE-2017-7682 - Apache OpenMeetings - Business Logic Bypass", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://markmail.org/message/dbrbvf5k343ulivf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-07-13T00:00:00", "ID": "CVE-2017-7682", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache OpenMeetings", "version": { "version_data": [ { "version_value": "3.2.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Business Logic Bypass" } ] } ] }, "references": { "reference_data": [ { "name": "[user] 20170713 CVE-2017-7682 - Apache OpenMeetings - Business Logic Bypass", "refsource": "MLIST", "url": "http://markmail.org/message/dbrbvf5k343ulivf" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-7682", "datePublished": "2017-07-14T15:00:00Z", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-09-16T22:09:03.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7684
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-17 03:18
Severity ?
EPSS score ?
Summary
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/99584 | vdb-entry, x_refsource_BID | |
http://markmail.org/message/v6dpmrdd6cgg66up | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 1.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:28.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "99584", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99584" }, { "name": "[user] 20170713 CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://markmail.org/message/v6dpmrdd6cgg66up" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "1.0.0" } ] } ], "datePublic": "2017-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 doesn\u0027t check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server." } ], "problemTypes": [ { "descriptions": [ { "description": "Insecure File Upload", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-15T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "99584", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99584" }, { "name": "[user] 20170713 CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://markmail.org/message/v6dpmrdd6cgg66up" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-07-13T00:00:00", "ID": "CVE-2017-7684", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache OpenMeetings", "version": { "version_data": [ { "version_value": "1.0.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": 
"CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Apache OpenMeetings 1.0.0 doesn\u0027t check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insecure File Upload" } ] } ] }, "references": { "reference_data": [ { "name": "99584", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99584" }, { "name": "[user] 20170713 CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload", "refsource": "MLIST", "url": "http://markmail.org/message/v6dpmrdd6cgg66up" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-7684", "datePublished": "2017-07-14T15:00:00Z", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-09-17T03:18:54.640Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7685
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-16 16:59
Severity ?
EPSS score ?
Summary
Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.
References
▼ | URL | Tags |
---|---|---|
http://markmail.org/message/uxk4bpq35svnyjhb | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/99592 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 1.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:27.873Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[user] 20170713 CVE-2017-7685 - Apache OpenMeetings - Insecure HTTP Methods", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://markmail.org/message/uxk4bpq35svnyjhb" }, { "name": "99592", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99592" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "1.0.0" } ] } ], "datePublic": "2017-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH." } ], "problemTypes": [ { "descriptions": [ { "description": "Insecure HTTP Methods", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-17T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "[user] 20170713 CVE-2017-7685 - Apache OpenMeetings - Insecure HTTP Methods", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://markmail.org/message/uxk4bpq35svnyjhb" }, { "name": "99592", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99592" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-07-13T00:00:00", "ID": "CVE-2017-7685", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache OpenMeetings", "version": { "version_data": [ { "version_value": "1.0.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insecure HTTP Methods" } ] } ] }, "references": { "reference_data": [ { "name": "[user] 20170713 CVE-2017-7685 - Apache OpenMeetings - Insecure HTTP Methods", "refsource": "MLIST", "url": "http://markmail.org/message/uxk4bpq35svnyjhb" }, { "name": "99592", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99592" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-7685", "datePublished": "2017-07-14T15:00:00Z", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-09-16T16:59:04.257Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2164
Vulnerability from cvelistv5
Published
2016-04-11 14:00
Modified
2024-08-05 23:17
Summary
The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.
References
▼ | URL | Tags |
---|---|---|
http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html | x_refsource_MISC | |
https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/537887/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://openmeetings.apache.org/security.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:17:50.624Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "name": "20160325 [CVE-2016-2164] Arbitrary file read via SOAP API", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/537887/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://openmeetings.apache.org/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "name": "20160325 [CVE-2016-2164] Arbitrary file read via SOAP API", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/537887/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://openmeetings.apache.org/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2016-2164", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html" }, { "name": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG", "refsource": "CONFIRM", "url": "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG" }, { "name": "20160325 [CVE-2016-2164] Arbitrary file read via SOAP API", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/537887/100/0/threaded" }, { "name": "http://openmeetings.apache.org/security.html", "refsource": "CONFIRM", "url": "http://openmeetings.apache.org/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2016-2164", "datePublished": "2016-04-11T14:00:00", "dateReserved": "2016-01-29T00:00:00", "dateUpdated": "2024-08-05T23:17:50.624Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-13951
Vulnerability from cvelistv5
Published
2020-09-30 17:22
Modified
2024-08-04 12:32
Summary
Attackers can use the public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to mount a denial-of-service attack.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
n/a | Apache OpenMeetings |
Version: Apache OpenMeetings 4.0.0 - 5.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:32:14.315Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.html" }, { "name": "[announce] 20210125 Apache Software Foundation Security Report: 2020", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache OpenMeetings", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Apache OpenMeetings 4.0.0 - 5.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Denial of Service", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T03:06:33", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.html" }, { "name": "[announce] 20210125 Apache Software Foundation Security Report: 2020", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E" }, { "name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2020-13951", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache OpenMeetings", "version": { "version_data": [ { "version_value": "Apache OpenMeetings 4.0.0 - 5.0.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Denial of Service" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E" }, { "name": "http://packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.html" }, { "name": "[announce] 20210125 Apache Software Foundation Security Report: 2020", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E" }, { "name": "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2020-13951", "datePublished": "2020-09-30T17:22:51", "dateReserved": "2020-06-08T00:00:00", "dateUpdated": "2024-08-04T12:32:14.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-7688
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-17 03:02
Summary
Apache OpenMeetings 1.0.0 updates user passwords in an insecure manner.
References
▼ | URL | Tags |
---|---|---|
http://markmail.org/message/ctsiiqtekzsun6fi | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/99586 | vdb-entry, x_refsource_BID |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 1.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:27.837Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[user] 20170713 CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://markmail.org/message/ctsiiqtekzsun6fi" }, { "name": "99586", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99586" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "1.0.0" } ] } ], "datePublic": "2017-07-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Apache OpenMeetings 1.0.0 updates user password in insecure manner." } ], "problemTypes": [ { "descriptions": [ { "description": "Insecure Password Update", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-15T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "[user] 20170713 CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://markmail.org/message/ctsiiqtekzsun6fi" }, { "name": "99586", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99586" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2017-07-13T00:00:00", "ID": "CVE-2017-7688", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache OpenMeetings", "version": { "version_data": [ { "version_value": "1.0.0" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Apache OpenMeetings 1.0.0 updates user password in insecure manner." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Insecure Password Update" } ] } ] }, "references": { "reference_data": [ { "name": "[user] 20170713 CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update", "refsource": "MLIST", "url": "http://markmail.org/message/ctsiiqtekzsun6fi" }, { "name": "99586", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99586" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2017-7688", "datePublished": "2017-07-14T15:00:00Z", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-09-17T03:02:48.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-28326
Vulnerability from cvelistv5
Published
2023-03-28 12:36
Modified
2024-10-23 15:13
Summary
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0
Description: An attacker can elevate their privileges in any room.
References
▼ | URL | Tags |
---|---|---|
https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9 | vendor-advisory |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Apache Software Foundation | Apache OpenMeetings |
Version: 2.0.0 ≤ version < 7.0.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:38:25.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "openmeetings", "vendor": "apache", "versions": [ { "lessThan": "7.0.0", "status": "affected", "version": "2.0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-28326", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-23T15:13:01.067926Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-23T15:13:50.704Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache OpenMeetings", "vendor": "Apache Software Foundation", "versions": [ { "lessThan": "7.0.0", "status": "affected", "version": "2.0.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "Dennis Zimmt" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eVendor: The Apache Software Foundation\u003c/p\u003e\u003cp\u003eVersions Affected: Apache OpenMeetings from 2.0.0 
before 7.0.0\u003c/p\u003e\u003cp\u003eDescription: Attacker can elevate their privileges in any room\u003c/p\u003e\u003cbr\u003e" } ], "value": "Vendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0\n\nDescription: Attacker can elevate their privileges in any room\n\n\n" } ], "metrics": [ { "other": { "content": { "text": "critical" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-28T12:36:11.566Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9" } ], "source": { "defect": [ "OPENMEETINGS-2739" ], "discovery": "UNKNOWN" }, "title": "Apache OpenMeetings: allows user impersonation", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-28326", "datePublished": "2023-03-28T12:36:11.566Z", "dateReserved": "2023-03-14T09:26:00.600Z", "dateUpdated": "2024-10-23T15:13:50.704Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }