Vulnerabilities related to apache - openmeetings
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Summary
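Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks. (Note: the CPE match list in this record marks releases from 1.0.0 up to 3.2.1 as vulnerable, so the affected range is wider than the single version named in the summary.)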



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "72B6167B-E822-4146-87F2-E2769DC85F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CDA54EE-9AE1-4551-8C24-D2077515029C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB137AFF-1BB8-4FFC-9247-376718AAFEB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E44AAC6C-13E1-423B-BB4C-4C92B763DE34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "268D5F6C-F1E8-400B-8D79-A79A9481DFDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "94BB2711-23CA-4FA5-8868-664A839F7EAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "96D13854-BD10-4404-89A7-F6D398680628",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC465AB-5CA6-4C97-8544-59D3236A7123",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC811824-EA8F-49F6-B732-10731A1BC0EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AFF29DC-46BA-4505-A921-42C783BC4C8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "085A80B3-B880-428D-AF1D-BED61C31E304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "46036494-F97D-4C02-A630-102D9E7DE2CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2C208B6-E86A-4F73-B078-BA47BA1B162D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "331EDEB7-D823-43C6-9D8B-E872F921A328",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8D44A5F-C7BD-4CC2-9065-179FA92301C9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.",
      },
      {
         lang: "es",
         value: "Apache OpenMeetings versión 1.0.0, es vulnerable a ataques de tipo Cross-Site Request Forgery (CSRF), ataques de tipo cross-site scripting (XSS), secuestro de cliqueo y ataques basados en MIME.",
      },
   ],
   id: "CVE-2017-7666",
   lastModified: "2024-11-21T03:32:25.053",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.8,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-07-17T13:18:29.737",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/fkesu4e5hhz5xdbg",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/fkesu4e5hhz5xdbg",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
            {
               lang: "en",
               value: "CWE-352",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2021-03-15 09:15
Modified
2024-11-21 05:58
Summary
It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0.
Impacted products
Vendor Product Version
apache openmeetings *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "85E51375-48F0-49C6-99C4-1F82C57BCA7B",
                     versionEndExcluding: "6.0.0",
                     versionStartIncluding: "4.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0",
      },
      {
         lang: "es",
         value: "Si se encontró que el servicio web NetTest, puede ser usado para sobrecargar el ancho de banda de un servidor Apache OpenMeetings. Este problema se solucionó en Apache OpenMeetings versión 6.0.0",
      },
   ],
   id: "CVE-2021-27576",
   lastModified: "2024-11-21T05:58:13.400",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2021-03-15T09:15:12.047",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lists.apache.org/thread.html/r9bb615bd70a0197368f5f3ffc887162686caeb0b5fc30592a7a871e9%40%3Cuser.openmeetings.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lists.apache.org/thread.html/r9bb615bd70a0197368f5f3ffc887162686caeb0b5fc30592a7a871e9%40%3Cuser.openmeetings.apache.org%3E",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Summary
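Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. (Note: the CPE match list in this record marks releases from 1.0.0 up to 3.2.1 as vulnerable, so the affected range is wider than the single version named in the summary.)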



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "72B6167B-E822-4146-87F2-E2769DC85F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CDA54EE-9AE1-4551-8C24-D2077515029C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB137AFF-1BB8-4FFC-9247-376718AAFEB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E44AAC6C-13E1-423B-BB4C-4C92B763DE34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "268D5F6C-F1E8-400B-8D79-A79A9481DFDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "94BB2711-23CA-4FA5-8868-664A839F7EAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "96D13854-BD10-4404-89A7-F6D398680628",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC465AB-5CA6-4C97-8544-59D3236A7123",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC811824-EA8F-49F6-B732-10731A1BC0EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AFF29DC-46BA-4505-A921-42C783BC4C8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "085A80B3-B880-428D-AF1D-BED61C31E304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "46036494-F97D-4C02-A630-102D9E7DE2CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2C208B6-E86A-4F73-B078-BA47BA1B162D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "331EDEB7-D823-43C6-9D8B-E872F921A328",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8D44A5F-C7BD-4CC2-9065-179FA92301C9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.",
      },
      {
         lang: "es",
         value: "Apache OpenMeetings versión 1.0.0.0,  es vulnerable a la inyección SQL. Esto permite a usuarios identificados modificar la estructura de la consulta existente y filtrar la estructura de otras consultas que están siendo realizadas por la aplicación en el back-end.",
      },
   ],
   id: "CVE-2017-7681",
   lastModified: "2024-11-21T03:32:27.213",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-07-17T13:18:29.877",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/j774dp5ro5xmkmg6",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/j774dp5ro5xmkmg6",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-03-28 13:15
Modified
2024-11-21 07:54
Summary
Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0. Description: An attacker can elevate their privileges in any room.
Impacted products
Vendor Product Version
apache openmeetings *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "0875B7CD-1D9F-4D5D-B570-4C9123055FA6",
                     versionEndExcluding: "7.0.0",
                     versionStartIncluding: "2.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0\n\nDescription: Attacker can elevate their privileges in any room\n\n\n",
      },
   ],
   id: "CVE-2023-28326",
   lastModified: "2024-11-21T07:54:50.917",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-03-28T13:15:07.153",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-306",
            },
         ],
         source: "security@apache.org",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-02-28 18:29
Modified
2024-11-21 03:59
Summary
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected, allowing an authenticated attacker to deny service for privileged users.
Impacted products
Vendor Product Version
apache openmeetings *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6F007A7C-C5F1-44DB-8A6D-962813CBB3BD",
                     versionEndIncluding: "4.0.1",
                     versionStartIncluding: "3.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.",
      },
      {
         lang: "es",
         value: "En Apache OpenMeetings 3.0.0 - 4.0.1, las operaciones CRUD en usuarios privilegiados no están protegidas por contraseña, por lo que un atacante autenticado podría provocar una denegación de servicio (DoS) sobre los usuarios privilegiados.",
      },
   ],
   id: "CVE-2018-1286",
   lastModified: "2024-11-21T03:59:32.900",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-02-28T18:29:00.217",
   references: [
      {
         source: "security@apache.org",
         url: "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8%40%3Cuser.openmeetings.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8%40%3Cuser.openmeetings.apache.org%3E",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Summary
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "72B6167B-E822-4146-87F2-E2769DC85F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CDA54EE-9AE1-4551-8C24-D2077515029C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB137AFF-1BB8-4FFC-9247-376718AAFEB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E44AAC6C-13E1-423B-BB4C-4C92B763DE34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "268D5F6C-F1E8-400B-8D79-A79A9481DFDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "94BB2711-23CA-4FA5-8868-664A839F7EAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "96D13854-BD10-4404-89A7-F6D398680628",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC465AB-5CA6-4C97-8544-59D3236A7123",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC811824-EA8F-49F6-B732-10731A1BC0EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AFF29DC-46BA-4505-A921-42C783BC4C8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "085A80B3-B880-428D-AF1D-BED61C31E304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "46036494-F97D-4C02-A630-102D9E7DE2CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2C208B6-E86A-4F73-B078-BA47BA1B162D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "331EDEB7-D823-43C6-9D8B-E872F921A328",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8D44A5F-C7BD-4CC2-9065-179FA92301C9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.",
      },
      {
         lang: "es",
         value: "Apache OpenMeetings versión 1.0.0, no comprueba el contenido de los archivos que se están cargando. Un atacante puede causar una denegación de servicio mediante la carga de múltiples archivos grandes en el servidor.",
      },
   ],
   id: "CVE-2017-7684",
   lastModified: "2024-11-21T03:32:27.547",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-07-17T13:18:29.987",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/v6dpmrdd6cgg66up",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/99584",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/v6dpmrdd6cgg66up",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/99584",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-400",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Summary
Apache OpenMeetings 1.0.0 updates the user password in an insecure manner.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "72B6167B-E822-4146-87F2-E2769DC85F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CDA54EE-9AE1-4551-8C24-D2077515029C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB137AFF-1BB8-4FFC-9247-376718AAFEB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E44AAC6C-13E1-423B-BB4C-4C92B763DE34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "268D5F6C-F1E8-400B-8D79-A79A9481DFDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "94BB2711-23CA-4FA5-8868-664A839F7EAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "96D13854-BD10-4404-89A7-F6D398680628",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC465AB-5CA6-4C97-8544-59D3236A7123",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC811824-EA8F-49F6-B732-10731A1BC0EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AFF29DC-46BA-4505-A921-42C783BC4C8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "085A80B3-B880-428D-AF1D-BED61C31E304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "46036494-F97D-4C02-A630-102D9E7DE2CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2C208B6-E86A-4F73-B078-BA47BA1B162D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "331EDEB7-D823-43C6-9D8B-E872F921A328",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8D44A5F-C7BD-4CC2-9065-179FA92301C9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Apache OpenMeetings 1.0.0 updates user password in insecure manner.",
      },
      {
         lang: "es",
         value: "Apache OpenMeetings versión 1.0.0, actualiza la contraseña de usuario de manera no confiable.",
      },
   ],
   id: "CVE-2017-7688",
   lastModified: "2024-11-21T03:32:27.997",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-07-17T13:18:30.047",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/ctsiiqtekzsun6fi",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/99586",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/ctsiiqtekzsun6fi",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/99586",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-12 08:15
Modified
2024-11-21 07:56
Summary
Attacker can access arbitrary recording/room. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0.
Impacted products
Vendor Product Version
apache openmeetings *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF56B25D-1963-404C-A110-17CF21EAC47F",
                     versionEndExcluding: "7.1.0",
                     versionStartIncluding: "2.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Attacker can access arbitrary recording/room\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0\n",
      },
   ],
   id: "CVE-2023-28936",
   lastModified: "2024-11-21T07:56:15.823",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-05-12T08:15:08.857",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.apache.org/thread/y6vng44c22ll221rtvsv208x1pbjmdoc",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.apache.org/thread/y6vng44c22ll221rtvsv208x1pbjmdoc",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-697",
            },
         ],
         source: "security@apache.org",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-04-11 14:59
Modified
2024-11-21 02:47
Summary
The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.
Impacted products
Vendor Product Version
apache openmeetings *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "01C6A9F0-E6EE-4084-8DCD-F445AD181210",
                     versionEndIncluding: "3.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.",
      },
      {
         lang: "es",
         value: "Los métodos de la API SOAP (1) FileService.importFileByInternalUserId y (2) FileService.importFile en Apache OpenMeetings en versiones anteriores a 3.1.1 utilizan de forma inapropiada la clase URL de Java sin comprobar el manejador de protocolo especificado, lo que permite a atacantes remotos leer archivos arbitrarios intentando cargar un archivo.",
      },
   ],
   id: "CVE-2016-2164",
   lastModified: "2024-11-21T02:47:56.343",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-04-11T14:59:09.410",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://openmeetings.apache.org/security.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/537887/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://openmeetings.apache.org/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/537887/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2025-01-08 09:15
Modified
2025-01-15 15:50
Summary
Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0. Description: The default clustering instructions at https://openmeetings.apache.org/Clustering.html don't specify white/black lists for OpenJPA, which leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.
Impacted products
Vendor Product Version
apache openmeetings *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E83A3409-D9F1-4F24-AC6A-D97C68AC2344",
                     versionEndExcluding: "8.0.0",
                     versionStartIncluding: "2.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Vendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0\n\nDescription: Default clustering instructions at  https://openmeetings.apache.org/Clustering.html  doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data.\nUsers are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.",
      },
      {
         lang: "es",
         value: "Proveedor: The Apache Software Foundation Versiones afectadas: Apache OpenMeetings desde la versión 2.1.0 hasta la 8.0.0 (excluida) Descripción: Las instrucciones de agrupamiento predeterminadas en https://openmeetings.apache.org/Clustering.html no especifican listas blancas/negras para OpenJPA, lo que lleva a una posible deserialización de datos no confiables. Se recomienda a los usuarios actualizar a la versión 8.0.0 y actualizar sus scripts de inicio para incluir las configuraciones 'openjpa.serialization.class.blacklist' y 'openjpa.serialization.class.whitelist' relevantes como se muestra en la documentación.",
      },
   ],
   id: "CVE-2024-54676",
   lastModified: "2025-01-15T15:50:39.987",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2025-01-08T09:15:07.440",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "http://www.openwall.com/lists/oss-security/2025/01/08/1",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "security@apache.org",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-04-11 14:59
Modified
2024-11-21 02:42
Summary
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.
Impacted products
Vendor Product Version
apache openmeetings *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "01C6A9F0-E6EE-4084-8DCD-F445AD181210",
                     versionEndIncluding: "3.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de salto de directorio en la funcionalidad Import/Export System Backups en Apache OpenMeetings en versiones anteriores a 3.1.1 permite a administradores remotos autenticados escribir en archivos arbitrarios a través de un .. (punto punto) en una entrada de archivo comprimido ZIP.",
      },
   ],
   id: "CVE-2016-0784",
   lastModified: "2024-11-21T02:42:22.640",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "NONE",
               baseScore: 4,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-04-11T14:59:07.347",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://openmeetings.apache.org/security.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.openwall.com/lists/oss-security/2016/03/25/2",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/537929/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.exploit-db.com/exploits/39642/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://openmeetings.apache.org/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.openwall.com/lists/oss-security/2016/03/25/2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/537929/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.exploit-db.com/exploits/39642/",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-22",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Summary
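Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows Flash content to be loaded from untrusted domains. Note that the CPE configuration below marks every listed release from 1.0.0 through 3.2.1 as vulnerable, so exposure should not be scoped to 1.0.0 alone.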



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "72B6167B-E822-4146-87F2-E2769DC85F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CDA54EE-9AE1-4551-8C24-D2077515029C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB137AFF-1BB8-4FFC-9247-376718AAFEB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E44AAC6C-13E1-423B-BB4C-4C92B763DE34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "268D5F6C-F1E8-400B-8D79-A79A9481DFDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "94BB2711-23CA-4FA5-8868-664A839F7EAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "96D13854-BD10-4404-89A7-F6D398680628",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC465AB-5CA6-4C97-8544-59D3236A7123",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC811824-EA8F-49F6-B732-10731A1BC0EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AFF29DC-46BA-4505-A921-42C783BC4C8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "085A80B3-B880-428D-AF1D-BED61C31E304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "46036494-F97D-4C02-A630-102D9E7DE2CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2C208B6-E86A-4F73-B078-BA47BA1B162D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "331EDEB7-D823-43C6-9D8B-E872F921A328",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8D44A5F-C7BD-4CC2-9065-179FA92301C9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains.",
      },
      {
         lang: "es",
         value: "Apache OpenMeetings versión 1.0.0.0, tiene un archivo crossdomain.xml demasiado permisivo. Esto permite que el contenido flash sea cargado desde dominios no confiables.",
      },
   ],
   id: "CVE-2017-7680",
   lastModified: "2024-11-21T03:32:27.093",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-07-17T13:18:29.843",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/whhibri7ervbjvda",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/whhibri7ervbjvda",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-12 08:15
Modified
2024-11-21 07:56
Summary
An attacker who has gained access to certain private information can use it to act as another user. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0.
Impacted products
Vendor Product Version
apache openmeetings *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "912F0955-80C7-4442-9054-A567D2ACEC6F",
                     versionEndExcluding: "7.1.0",
                     versionStartIncluding: "3.1.3",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An attacker that has gained access to certain private information can use this to act as other user.\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0",
      },
   ],
   id: "CVE-2023-29032",
   lastModified: "2024-11-21T07:56:25.847",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "HIGH",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 2.2,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-05-12T08:15:08.930",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "security@apache.org",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-04-11 14:59
Modified
2024-11-21 02:47
Summary
Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.
Impacted products
Vendor Product Version
apache openmeetings *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "01C6A9F0-E6EE-4084-8DCD-F445AD181210",
                     versionEndIncluding: "3.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en Apache OpenMeetings en versiones anteriores a 3.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la descripción de evento cuando se crea un evento.",
      },
   ],
   id: "CVE-2016-2163",
   lastModified: "2024-11-21T02:47:56.227",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-04-11T14:59:08.457",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://openmeetings.apache.org/security.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/537888/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://openmeetings.apache.org/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/537888/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Summary
Both the global chat and the room chat are vulnerable to XSS attacks in Apache OpenMeetings 3.2.0 (the impacted-products list below also includes 3.2.1).
Impacted products
Vendor Product Version
apache openmeetings 3.2.0
apache openmeetings 3.2.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "331EDEB7-D823-43C6-9D8B-E872F921A328",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8D44A5F-C7BD-4CC2-9065-179FA92301C9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.",
      },
      {
         lang: "es",
         value: "Tanto la sala de chat como el chat global, son vulnerables un ataque de tipo XSS en OpenMeetings versión 3.2.0. de Apache.",
      },
   ],
   id: "CVE-2017-7663",
   lastModified: "2024-11-21T03:32:24.693",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-07-17T13:18:29.673",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/aka2z2dq7icfw2p2",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/99577",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/aka2z2dq7icfw2p2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/99577",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-12 08:15
Modified
2024-11-21 07:56
Summary
An attacker who has gained access to an admin account can perform RCE via null-byte injection. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0.
Impacted products
Vendor Product Version
apache openmeetings *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "AF56B25D-1963-404C-A110-17CF21EAC47F",
                     versionEndExcluding: "7.1.0",
                     versionStartIncluding: "2.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "An attacker who has gained access to an admin account can perform RCE via null-byte injection\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0",
      },
   ],
   id: "CVE-2023-29246",
   lastModified: "2024-11-21T07:56:45.373",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "HIGH",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 1.2,
            impactScore: 5.9,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-05-12T08:15:08.997",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
         ],
         url: "https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-20",
            },
         ],
         source: "security@apache.org",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-10-12 18:29
Modified
2024-11-21 02:59
Severity ?
Summary
Apache OpenMeetings before 3.1.2 is vulnerable to remote code execution via an RMI deserialization attack.
Impacted products
Vendor Product Version
apache openmeetings *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "7C55C3FE-0D7D-4143-935C-3AF4867171FD",
                     versionEndExcluding: "3.1.2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.",
      },
      {
         lang: "es",
         value: "Apache OpenMeetings, en versiones anteriores a la 3.1.2, es vulnerable a la ejecución remota de código mediante un ataque de deserialización de RMI.",
      },
   ],
   id: "CVE-2016-8736",
   lastModified: "2024-11-21T02:59:57.493",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-10-12T18:29:00.447",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://openmeetings.markmail.org/thread/tr47byaaopnemvne",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/94145",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://openmeetings.markmail.org/thread/tr47byaaopnemvne",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/94145",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-502",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Severity ?
Summary
Apache OpenMeetings 1.0.0 uses cryptographic storage that is not very strong, does not use a captcha in the registration and forgot-password dialogs, and lacks brute-force protection on its authentication forms.



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "72B6167B-E822-4146-87F2-E2769DC85F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CDA54EE-9AE1-4551-8C24-D2077515029C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB137AFF-1BB8-4FFC-9247-376718AAFEB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E44AAC6C-13E1-423B-BB4C-4C92B763DE34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "268D5F6C-F1E8-400B-8D79-A79A9481DFDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "94BB2711-23CA-4FA5-8868-664A839F7EAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "96D13854-BD10-4404-89A7-F6D398680628",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC465AB-5CA6-4C97-8544-59D3236A7123",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC811824-EA8F-49F6-B732-10731A1BC0EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AFF29DC-46BA-4505-A921-42C783BC4C8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "085A80B3-B880-428D-AF1D-BED61C31E304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "46036494-F97D-4C02-A630-102D9E7DE2CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2C208B6-E86A-4F73-B078-BA47BA1B162D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "331EDEB7-D823-43C6-9D8B-E872F921A328",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8D44A5F-C7BD-4CC2-9065-179FA92301C9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.",
      },
      {
         lang: "es",
         value: "Apache OpenMeetings versión 1.0.0.0,  utiliza un almacenamiento criptográfico no muy fuerte, el captcha no es usado en el registro y olvida los cuadros de diálogos de contraseñas, y los formularios de identificación carecen de protección de fuerza bruta.",
      },
   ],
   id: "CVE-2017-7673",
   lastModified: "2024-11-21T03:32:26.063",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-07-17T13:18:29.813",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/3hshl26omwjo6c5i",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/99587",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/3hshl26omwjo6c5i",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/99587",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-307",
            },
            {
               lang: "en",
               value: "CWE-326",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-08-19 21:59
Modified
2024-11-21 02:49
Summary
Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.
Impacted products
Vendor Product Version
apache openmeetings * (the CPE match below limits this to versions up to and including 3.1.1)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "E738AD66-3F16-4B61-BEEC-01F457D6D03D",
                     versionEndIncluding: "3.1.1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de XSS en el panel SWF en Apache OpenMeetings en versiones anteriores a 3.1.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro swf.",
      },
   ],
   id: "CVE-2016-3089",
   lastModified: "2024-11-21T02:49:20.490",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-08-19T21:59:04.477",
   references: [
      {
         source: "secalert@redhat.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://openmeetings.apache.org/security.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/539192/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/bid/92442",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Release Notes",
         ],
         url: "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://openmeetings.apache.org/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/539192/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/92442",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Release Notes",
         ],
         url: "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Summary
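Apache OpenMeetings 1.0.0 displays the Tomcat version and a detailed error stack trace, which is not secure. The CPE configuration in the record below marks versions 1.0.0 through 3.2.1 as vulnerable, not only 1.0.0.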



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "72B6167B-E822-4146-87F2-E2769DC85F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CDA54EE-9AE1-4551-8C24-D2077515029C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB137AFF-1BB8-4FFC-9247-376718AAFEB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E44AAC6C-13E1-423B-BB4C-4C92B763DE34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "268D5F6C-F1E8-400B-8D79-A79A9481DFDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "94BB2711-23CA-4FA5-8868-664A839F7EAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "96D13854-BD10-4404-89A7-F6D398680628",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC465AB-5CA6-4C97-8544-59D3236A7123",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC811824-EA8F-49F6-B732-10731A1BC0EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AFF29DC-46BA-4505-A921-42C783BC4C8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "085A80B3-B880-428D-AF1D-BED61C31E304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "46036494-F97D-4C02-A630-102D9E7DE2CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2C208B6-E86A-4F73-B078-BA47BA1B162D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "331EDEB7-D823-43C6-9D8B-E872F921A328",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8D44A5F-C7BD-4CC2-9065-179FA92301C9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.",
      },
      {
         lang: "es",
         value: "Apache OpenMeetings versión 1.0.0, muestra la versión y el seguimiento detallado de la pila de errores de Tomcat, que no es seguro.",
      },
   ],
   id: "CVE-2017-7683",
   lastModified: "2024-11-21T03:32:27.440",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-07-17T13:18:29.937",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/hint6fp66lijqdvu",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/hint6fp66lijqdvu",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2016-04-11 14:59
Modified
2024-11-21 02:42
Summary
The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.
Impacted products
Vendor Product Version
apache openmeetings * (the CPE match below limits this to versions up to and including 3.1.0)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "01C6A9F0-E6EE-4084-8DCD-F445AD181210",
                     versionEndIncluding: "3.1.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.",
      },
      {
         lang: "es",
         value: "La función sendHashByUser en Apache OpenMeetings en versiones anteriores a 3.1.1 genera tokens de reinicio de contraseña predecibles, lo que hace más fácil para atacantes remotos restablecer contraseñas de usuario arbitrarias aprovechando el conocimiento de un nombre de usuario y la hora de sistema actual.",
      },
   ],
   id: "CVE-2016-0783",
   lastModified: "2024-11-21T02:42:22.513",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2016-04-11T14:59:06.347",
   references: [
      {
         source: "secalert@redhat.com",
         url: "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code",
      },
      {
         source: "secalert@redhat.com",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://openmeetings.apache.org/security.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://packetstormsecurity.com/files/136432/Apache-OpenMeetings-3.1.0-MD5-Hashing.html",
      },
      {
         source: "secalert@redhat.com",
         url: "http://www.securityfocus.com/archive/1/537886/100/0/threaded",
      },
      {
         source: "secalert@redhat.com",
         url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "http://openmeetings.apache.org/security.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/136432/Apache-OpenMeetings-3.1.0-MD5-Hashing.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/537886/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
      },
   ],
   sourceIdentifier: "secalert@redhat.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Summary
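Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0. The record below classifies this as CWE-611 (improper restriction of XML external entity reference).
Impacted products
apache openmeetings 3.1.0 through 3.2.1 (taken from the CPE list in the record below)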



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC811824-EA8F-49F6-B732-10731A1BC0EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AFF29DC-46BA-4505-A921-42C783BC4C8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "085A80B3-B880-428D-AF1D-BED61C31E304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "46036494-F97D-4C02-A630-102D9E7DE2CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2C208B6-E86A-4F73-B078-BA47BA1B162D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "331EDEB7-D823-43C6-9D8B-E872F921A328",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8D44A5F-C7BD-4CC2-9065-179FA92301C9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.",
      },
      {
         lang: "es",
         value: "Los documentos XML cargados no fueron comprobados correctamente en OpenMeetings versión 3.1.0. de Apache.",
      },
   ],
   id: "CVE-2017-7664",
   lastModified: "2024-11-21T03:32:24.810",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "LOW",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-07-17T13:18:29.703",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/cwr552iapmhukb45",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/99576",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/cwr552iapmhukb45",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/99576",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-611",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2020-09-30 18:15
Modified
2024-11-21 05:02
Summary
Attackers can use the public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to carry out a denial-of-service attack.
Impacted products
Vendor Product Version
apache openmeetings * (the CPE match below limits this to versions 4.0.0 through 5.0.0, inclusive)



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "83F662CC-FD09-4023-A059-B3F1034392FA",
                     versionEndIncluding: "5.0.0",
                     versionStartIncluding: "4.0.0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.",
      },
      {
         lang: "es",
         value: "Unos atacantes pueden usar el servicio web público NetTest de Apache OpenMeetings versiones 4.0.0-5.0.0, para organizar el ataque de denegación de servicio",
      },
   ],
   id: "CVE-2020-13951",
   lastModified: "2024-11-21T05:02:13.303",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2020-09-30T18:15:21.257",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.html",
      },
      {
         source: "security@apache.org",
         url: "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E",
      },
      {
         source: "security@apache.org",
         url: "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E",
      },
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Vendor Advisory",
         ],
         url: "https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Summary
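Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH. Note that the NVD configuration in the record below lists releases from 1.0.0 up to 3.2.1 as vulnerable, so the affected range is wider than the single version named in this description.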



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "72B6167B-E822-4146-87F2-E2769DC85F99",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8CDA54EE-9AE1-4551-8C24-D2077515029C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "AB137AFF-1BB8-4FFC-9247-376718AAFEB2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "E44AAC6C-13E1-423B-BB4C-4C92B763DE34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "268D5F6C-F1E8-400B-8D79-A79A9481DFDE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "94BB2711-23CA-4FA5-8868-664A839F7EAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "96D13854-BD10-4404-89A7-F6D398680628",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "3EC465AB-5CA6-4C97-8544-59D3236A7123",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC811824-EA8F-49F6-B732-10731A1BC0EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "8AFF29DC-46BA-4505-A921-42C783BC4C8F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "085A80B3-B880-428D-AF1D-BED61C31E304",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "46036494-F97D-4C02-A630-102D9E7DE2CE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "A2C208B6-E86A-4F73-B078-BA47BA1B162D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "331EDEB7-D823-43C6-9D8B-E872F921A328",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8D44A5F-C7BD-4CC2-9065-179FA92301C9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.",
      },
      {
         lang: "es",
         value: "Apache OpenMeetings versión 1.0.0, responde a los siguientes métodos HTTP no seguros: PUT, DELETE, HEAD y PATCH.",
      },
   ],
   id: "CVE-2017-7685",
   lastModified: "2024-11-21T03:32:27.663",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-07-17T13:18:30.017",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/uxk4bpq35svnyjhb",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/99592",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/uxk4bpq35svnyjhb",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/99592",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:32
Summary
Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks; as a result, an attacker has access to restricted areas.
Impacted products
Vendor Product Version
apache openmeetings 3.2.0
apache openmeetings 3.2.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "331EDEB7-D823-43C6-9D8B-E872F921A328",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "B8D44A5F-C7BD-4CC2-9065-179FA92301C9",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas.",
      },
      {
         lang: "es",
         value: "OpenMeetings versión 3.2.0 de Apache, es vulnerable a ataques de manipulación de parámetros, como resultado el atacante tiene acceso a áreas restringidas.",
      },
   ],
   id: "CVE-2017-7682",
   lastModified: "2024-11-21T03:32:27.330",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 6.4,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 4.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 8.2,
               baseSeverity: "HIGH",
               confidentialityImpact: "LOW",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 4.2,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-07-17T13:18:29.907",
   references: [
      {
         source: "security@apache.org",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/dbrbvf5k343ulivf",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Mailing List",
            "Third Party Advisory",
         ],
         url: "http://markmail.org/message/dbrbvf5k343ulivf",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-noinfo",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

cve-2016-0783
Vulnerability from cvelistv5
Published
2016-04-11 14:00
Modified
2024-08-05 22:30
Severity ?
Summary
The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:30:04.152Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/136432/Apache-OpenMeetings-3.1.0-MD5-Hashing.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
               },
               {
                  name: "20160325 [CVE-2016-0783] Predictable password reset token",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/537886/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://openmeetings.apache.org/security.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-03-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/136432/Apache-OpenMeetings-3.1.0-MD5-Hashing.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
            },
            {
               name: "20160325 [CVE-2016-0783] Predictable password reset token",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/537886/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://openmeetings.apache.org/security.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-0783",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code",
                     refsource: "MISC",
                     url: "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/136432/Apache-OpenMeetings-3.1.0-MD5-Hashing.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/136432/Apache-OpenMeetings-3.1.0-MD5-Hashing.html",
                  },
                  {
                     name: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
                     refsource: "CONFIRM",
                     url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
                  },
                  {
                     name: "20160325 [CVE-2016-0783] Predictable password reset token",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/537886/100/0/threaded",
                  },
                  {
                     name: "http://openmeetings.apache.org/security.html",
                     refsource: "CONFIRM",
                     url: "http://openmeetings.apache.org/security.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-0783",
      datePublished: "2016-04-11T14:00:00",
      dateReserved: "2015-12-16T00:00:00",
      dateUpdated: "2024-08-05T22:30:04.152Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-8736
Vulnerability from cvelistv5
Published
2017-10-12 18:00
Modified
2024-08-06 02:27
Severity ?
Summary
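Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack. Note that the CNA "affected" field in the record below reads "before 3.1.12", which disagrees with this description; confirm the fixed version against the vendor advisory before relying on either value.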
References
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T02:27:41.285Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://openmeetings.markmail.org/thread/tr47byaaopnemvne",
               },
               {
                  name: "94145",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/94145",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "before 3.1.12",
                  },
               ],
            },
         ],
         datePublic: "2016-07-11T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2019-02-20T19:57:01",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://openmeetings.markmail.org/thread/tr47byaaopnemvne",
            },
            {
               name: "94145",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/94145",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               ID: "CVE-2016-8736",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache OpenMeetings",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "before 3.1.12",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://openmeetings.markmail.org/thread/tr47byaaopnemvne",
                     refsource: "MISC",
                     url: "http://openmeetings.markmail.org/thread/tr47byaaopnemvne",
                  },
                  {
                     name: "94145",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/94145",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2016-8736",
      datePublished: "2017-10-12T18:00:00",
      dateReserved: "2016-10-18T00:00:00",
      dateUpdated: "2024-08-06T02:27:41.285Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-1286
Vulnerability from cvelistv5
Published
2018-02-28 18:00
Modified
2024-09-16 18:07
Severity ?
Summary
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:59:37.608Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[user] 20180225 [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8%40%3Cuser.openmeetings.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "3.0.0 - 4.0.1",
                  },
               ],
            },
         ],
         datePublic: "2018-02-25T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insufficient Access Controls",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-02-28T17:57:02",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "[user] 20180225 [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8%40%3Cuser.openmeetings.apache.org%3E",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2018-02-25T00:00:00",
               ID: "CVE-2018-1286",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache OpenMeetings",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "3.0.0 - 4.0.1",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insufficient Access Controls",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[user] 20180225 [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8@%3Cuser.openmeetings.apache.org%3E",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2018-1286",
      datePublished: "2018-02-28T18:00:00Z",
      dateReserved: "2017-12-07T00:00:00",
      dateUpdated: "2024-09-16T18:07:50.245Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7685
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-16 16:59
Severity ?
Summary
Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.
References
http://markmail.org/message/uxk4bpq35svnyjhb (mailing-list, x_refsource_MLIST)
http://www.securityfocus.com/bid/99592 (vdb-entry, x_refsource_BID)
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:12:27.873Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[user] 20170713 CVE-2017-7685 - Apache OpenMeetings - Insecure HTTP Methods",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://markmail.org/message/uxk4bpq35svnyjhb",
               },
               {
                  name: "99592",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/99592",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "1.0.0",
                  },
               ],
            },
         ],
         datePublic: "2017-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insecure HTTP Methods",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-17T09:57:01",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "[user] 20170713 CVE-2017-7685 - Apache OpenMeetings - Insecure HTTP Methods",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://markmail.org/message/uxk4bpq35svnyjhb",
            },
            {
               name: "99592",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/99592",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2017-07-13T00:00:00",
               ID: "CVE-2017-7685",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache OpenMeetings",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insecure HTTP Methods",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[user] 20170713 CVE-2017-7685 - Apache OpenMeetings - Insecure HTTP Methods",
                     refsource: "MLIST",
                     url: "http://markmail.org/message/uxk4bpq35svnyjhb",
                  },
                  {
                     name: "99592",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/99592",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2017-7685",
      datePublished: "2017-07-14T15:00:00Z",
      dateReserved: "2017-04-11T00:00:00",
      dateUpdated: "2024-09-16T16:59:04.257Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2024-54676
Vulnerability from cvelistv5
Published
2025-01-08 08:40
Modified
2025-01-08 14:00
Severity ?
Summary
Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0. Description: The default clustering instructions at https://openmeetings.apache.org/Clustering.html don't specify white/black lists for OpenJPA, which leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2025-01-08T09:02:51.250Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "http://www.openwall.com/lists/oss-security/2025/01/08/1",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2024-54676",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-08T14:00:24.422606Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-08T14:00:52.923Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     lessThan: "8.0.0",
                     status: "affected",
                     version: "2.1",
                     versionType: "semver",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "reporter",
               value: "m0d9 from Tencent Yunding Lab",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Vendor: The Apache Software Foundation</p><p>Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0</p>Description: Default clustering instructions at <a target=\"_blank\" rel=\"nofollow\" href=\"https://openmeetings.apache.org/Clustering.html\">https://openmeetings.apache.org/Clustering.html</a>&nbsp;doesn't specify white/black lists for OpenJPA this leads to possible <span style=\"background-color: rgb(255, 255, 255);\">deserialisation of untrusted data</span>.<br>Users are recommended to upgrade to version 8.0.0 and <span style=\"background-color: rgb(255, 255, 255);\">update their startup scripts to include the relevant </span><code>'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation</code>.",
                  },
               ],
               value: "Vendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0\n\nDescription: Default clustering instructions at  https://openmeetings.apache.org/Clustering.html  doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data.\nUsers are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     text: "important",
                  },
                  type: "Textual description of severity",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-502",
                     description: "CWE-502 Deserialization of Untrusted Data",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-01-08T08:40:03.705Z",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95",
            },
         ],
         source: {
            defect: [
               "OPENMEETINGS-2787",
            ],
            discovery: "EXTERNAL",
         },
         title: "Apache OpenMeetings: Deserialisation of untrusted data in cluster mode",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2024-54676",
      datePublished: "2025-01-08T08:40:03.705Z",
      dateReserved: "2024-12-05T04:43:41.354Z",
      dateUpdated: "2025-01-08T14:00:52.923Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7688
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-17 03:02
Severity ?
Summary
Apache OpenMeetings 1.0.0 updates user password in insecure manner.
References
http://markmail.org/message/ctsiiqtekzsun6fi (mailing-list, x_refsource_MLIST)
http://www.securityfocus.com/bid/99586 (vdb-entry, x_refsource_BID)
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:12:27.837Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[user] 20170713 CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://markmail.org/message/ctsiiqtekzsun6fi",
               },
               {
                  name: "99586",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/99586",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "1.0.0",
                  },
               ],
            },
         ],
         datePublic: "2017-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apache OpenMeetings 1.0.0 updates user password in insecure manner.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insecure Password Update",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-15T09:57:01",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "[user] 20170713 CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://markmail.org/message/ctsiiqtekzsun6fi",
            },
            {
               name: "99586",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/99586",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2017-07-13T00:00:00",
               ID: "CVE-2017-7688",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache OpenMeetings",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apache OpenMeetings 1.0.0 updates user password in insecure manner.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insecure Password Update",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[user] 20170713 CVE-2017-7688 - Apache OpenMeetings - Insecure Password Update",
                     refsource: "MLIST",
                     url: "http://markmail.org/message/ctsiiqtekzsun6fi",
                  },
                  {
                     name: "99586",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/99586",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2017-7688",
      datePublished: "2017-07-14T15:00:00Z",
      dateReserved: "2017-04-11T00:00:00",
      dateUpdated: "2024-09-17T03:02:48.446Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-2164
Vulnerability from cvelistv5
Published
2016-04-11 14:00
Modified
2024-08-05 23:17
Severity ?
Summary
The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:17:50.624Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
               },
               {
                  name: "20160325 [CVE-2016-2164] Arbitrary file read via SOAP API",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/537887/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://openmeetings.apache.org/security.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-03-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
            },
            {
               name: "20160325 [CVE-2016-2164] Arbitrary file read via SOAP API",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/537887/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://openmeetings.apache.org/security.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-2164",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.html",
                  },
                  {
                     name: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
                     refsource: "CONFIRM",
                     url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
                  },
                  {
                     name: "20160325 [CVE-2016-2164] Arbitrary file read via SOAP API",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/537887/100/0/threaded",
                  },
                  {
                     name: "http://openmeetings.apache.org/security.html",
                     refsource: "CONFIRM",
                     url: "http://openmeetings.apache.org/security.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-2164",
      datePublished: "2016-04-11T14:00:00",
      dateReserved: "2016-01-29T00:00:00",
      dateUpdated: "2024-08-05T23:17:50.624Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-3089
Vulnerability from cvelistv5
Published
2016-08-19 21:00
Modified
2024-08-05 23:40
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:40:15.634Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html",
               },
               {
                  name: "92442",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/92442",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://openmeetings.apache.org/security.html",
               },
               {
                  name: "20160812 [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/539192/100/0/threaded",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-08-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html",
            },
            {
               name: "92442",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/92442",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://openmeetings.apache.org/security.html",
            },
            {
               name: "20160812 [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/539192/100/0/threaded",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-3089",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/138313/Apache-OpenMeetings-3.1.0-Cross-Site-Scripting.html",
                  },
                  {
                     name: "92442",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/92442",
                  },
                  {
                     name: "http://openmeetings.apache.org/security.html",
                     refsource: "CONFIRM",
                     url: "http://openmeetings.apache.org/security.html",
                  },
                  {
                     name: "20160812 [CVE-2016-3089] Apache OpenMeetings XSS in SWF panel",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/539192/100/0/threaded",
                  },
                  {
                     name: "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG",
                     refsource: "CONFIRM",
                     url: "https://www.apache.org/dist/openmeetings/3.1.2/CHANGELOG",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-3089",
      datePublished: "2016-08-19T21:00:00",
      dateReserved: "2016-03-10T00:00:00",
      dateUpdated: "2024-08-05T23:40:15.634Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-29246
Vulnerability from cvelistv5
Published
2023-05-12 07:43
Modified
2024-10-10 19:35
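Severity: 7.2 HIGH (CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, scored by CISA-ADP; the CNA's textual rating is "important")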
Summary
An attacker who has gained access to an admin account can perform RCE via null-byte injection. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:00:16.063Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "openmeetings",
                  vendor: "apache",
                  versions: [
                     {
                        lessThan: "7.1.0",
                        status: "affected",
                        version: "2.0.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 7.2,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "HIGH",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-29246",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-10T19:34:24.542931Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-10T19:35:57.172Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     lessThan: "7.1.0",
                     status: "affected",
                     version: "2.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "reporter",
               value: "Stefan Schiller",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">An attacker who has gained access to an admin account can perform RCE via null-byte injection</span><br><br>Vendor: The Apache Software Foundation<br><br>Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0",
                  },
               ],
               value: "An attacker who has gained access to an admin account can perform RCE via null-byte injection\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     text: "important",
                  },
                  type: "Textual description of severity",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-20",
                     description: "CWE-20 Improper Input Validation",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-12T07:43:20.422Z",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr",
            },
         ],
         source: {
            defect: [
               "OPENMEETINGS-2765",
            ],
            discovery: "EXTERNAL",
         },
         title: "Apache OpenMeetings: allows null-byte Injection",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2023-29246",
      datePublished: "2023-05-12T07:43:20.422Z",
      dateReserved: "2023-04-04T15:31:03.257Z",
      dateUpdated: "2024-10-10T19:35:57.172Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-29032
Vulnerability from cvelistv5
Published
2023-05-12 07:43
Modified
2024-10-10 19:48
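Severity: 8.1 HIGH (CVSS 3.1 vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, scored by CISA-ADP; the CNA's textual rating is "important")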
Summary
An attacker that has gained access to certain private information can use this to act as another user. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T14:00:14.627Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "openmeetings",
                  vendor: "apache",
                  versions: [
                     {
                        lessThan: "7.1.0",
                        status: "affected",
                        version: "3.1.3",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "HIGH",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 8.1,
                     baseSeverity: "HIGH",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-29032",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-10T19:44:48.609636Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-10T19:48:37.089Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     lessThan: "7.1.0",
                     status: "affected",
                     version: "3.1.3",
                     versionType: "semver",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "reporter",
               value: "Stefan Schiller",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">An attacker that has gained access to certain private information can use this to act as other user.</span><br><br>Vendor: The Apache Software Foundation<br><br>Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0",
                  },
               ],
               value: "An attacker that has gained access to certain private information can use this to act as other user.\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     text: "important",
                  },
                  type: "Textual description of severity",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-287",
                     description: "CWE-287 Improper Authentication",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-12T07:43:30.483Z",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp",
            },
         ],
         source: {
            defect: [
               "OPENMEETINGS-2764",
            ],
            discovery: "EXTERNAL",
         },
         title: "Apache OpenMeetings: allows bypass authentication",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2023-29032",
      datePublished: "2023-05-12T07:43:30.483Z",
      dateReserved: "2023-03-30T04:39:06.692Z",
      dateUpdated: "2024-10-10T19:48:37.089Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7684
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-17 03:18
Severity ?
Summary
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.
References
http://www.securityfocus.com/bid/99584 (vdb-entry, x_refsource_BID)
http://markmail.org/message/v6dpmrdd6cgg66up (mailing-list, x_refsource_MLIST)
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:12:28.182Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "99584",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/99584",
               },
               {
                  name: "[user] 20170713 CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://markmail.org/message/v6dpmrdd6cgg66up",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "1.0.0",
                  },
               ],
            },
         ],
         datePublic: "2017-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insecure File Upload",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-15T09:57:01",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "99584",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/99584",
            },
            {
               name: "[user] 20170713 CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://markmail.org/message/v6dpmrdd6cgg66up",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2017-07-13T00:00:00",
               ID: "CVE-2017-7684",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache OpenMeetings",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insecure File Upload",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "99584",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/99584",
                  },
                  {
                     name: "[user] 20170713 CVE-2017-7684 - Apache OpenMeetings - Insecure File Upload",
                     refsource: "MLIST",
                     url: "http://markmail.org/message/v6dpmrdd6cgg66up",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2017-7684",
      datePublished: "2017-07-14T15:00:00Z",
      dateReserved: "2017-04-11T00:00:00",
      dateUpdated: "2024-09-17T03:18:54.640Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-13951
Vulnerability from cvelistv5
Published
2020-09-30 17:22
Modified
2024-08-04 12:32
Severity ?
Summary
Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.
Impacted products
Vendor Product Version
n/a Apache OpenMeetings Version: Apache OpenMeetings 4.0.0 - 5.0.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T12:32:14.315Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.html",
               },
               {
                  name: "[announce] 20210125 Apache Software Foundation Security Report: 2020",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E",
               },
               {
                  name: "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache OpenMeetings",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "Apache OpenMeetings 4.0.0 - 5.0.0",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Denial of Service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-02-24T03:06:33",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.html",
            },
            {
               name: "[announce] 20210125 Apache Software Foundation Security Report: 2020",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E",
            },
            {
               name: "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7%40%3Cannounce.apache.org%3E",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               ID: "CVE-2020-13951",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache OpenMeetings",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "Apache OpenMeetings 4.0.0 - 5.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E",
                     refsource: "MISC",
                     url: "https://lists.apache.org/thread.html/re2aed827cd24ae73cbc320e5808020c8d12c7b687ee861b27d728bbc%40%3Cuser.openmeetings.apache.org%3E",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/160186/Apache-OpenMeetings-5.0.0-Denial-Of-Service.html",
                  },
                  {
                     name: "[announce] 20210125 Apache Software Foundation Security Report: 2020",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E",
                  },
                  {
                     name: "[announce] 20210223 Re: Apache Software Foundation Security Report: 2020",
                     refsource: "MLIST",
                     url: "https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2020-13951",
      datePublished: "2020-09-30T17:22:51",
      dateReserved: "2020-06-08T00:00:00",
      dateUpdated: "2024-08-04T12:32:14.315Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7666
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-16 18:39
Severity ?
Summary
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
References
http://markmail.org/message/fkesu4e5hhz5xdbg (mailing-list, x_refsource_MLIST)
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:12:27.831Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[user] 20170713 CVE-2017-7666 - Apache OpenMeetings Missing Secure Headers",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://markmail.org/message/fkesu4e5hhz5xdbg",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "1.0.0",
                  },
               ],
            },
         ],
         datePublic: "2017-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "CSRF",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-14T14:57:01",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "[user] 20170713 CVE-2017-7666 - Apache OpenMeetings Missing Secure Headers",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://markmail.org/message/fkesu4e5hhz5xdbg",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2017-07-13T00:00:00",
               ID: "CVE-2017-7666",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache OpenMeetings",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CSRF",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[user] 20170713 CVE-2017-7666 - Apache OpenMeetings Missing Secure Headers",
                     refsource: "MLIST",
                     url: "http://markmail.org/message/fkesu4e5hhz5xdbg",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2017-7666",
      datePublished: "2017-07-14T15:00:00Z",
      dateReserved: "2017-04-11T00:00:00",
      dateUpdated: "2024-09-16T18:39:41.477Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7680
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-16 19:09
Severity ?
Summary
Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains.
References
http://markmail.org/message/whhibri7ervbjvda (mailing-list, x_refsource_MLIST)
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:12:27.837Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[user] 20170713 CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://markmail.org/message/whhibri7ervbjvda",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "1.0.0",
                  },
               ],
            },
         ],
         datePublic: "2017-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Insecure crossdomain.xml policy",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-14T14:57:01",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "[user] 20170713 CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://markmail.org/message/whhibri7ervbjvda",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2017-07-13T00:00:00",
               ID: "CVE-2017-7680",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache OpenMeetings",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Insecure crossdomain.xml policy",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[user] 20170713 CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy",
                     refsource: "MLIST",
                     url: "http://markmail.org/message/whhibri7ervbjvda",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2017-7680",
      datePublished: "2017-07-14T15:00:00Z",
      dateReserved: "2017-04-11T00:00:00",
      dateUpdated: "2024-09-16T19:09:47.391Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7681
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-16 18:39
Severity ?
Summary
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.
References
http://markmail.org/message/j774dp5ro5xmkmg6 (mailing-list, x_refsource_MLIST)
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:12:27.928Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[user] 20170713 CVE-2017-7681 - Apache OpenMeetings - SQL injection in web services",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://markmail.org/message/j774dp5ro5xmkmg6",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "1.0.0",
                  },
               ],
            },
         ],
         datePublic: "2017-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "SQL injection",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-14T14:57:01",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "[user] 20170713 CVE-2017-7681 - Apache OpenMeetings - SQL injection in web services",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://markmail.org/message/j774dp5ro5xmkmg6",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2017-07-13T00:00:00",
               ID: "CVE-2017-7681",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache OpenMeetings",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "SQL injection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[user] 20170713 CVE-2017-7681 - Apache OpenMeetings - SQL injection in web services",
                     refsource: "MLIST",
                     url: "http://markmail.org/message/j774dp5ro5xmkmg6",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2017-7681",
      datePublished: "2017-07-14T15:00:00Z",
      dateReserved: "2017-04-11T00:00:00",
      dateUpdated: "2024-09-16T18:39:15.972Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-2163
Vulnerability from cvelistv5
Published
2016-04-11 14:00
Modified
2024-08-05 23:17
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T23:17:50.603Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://openmeetings.apache.org/security.html",
               },
               {
                  name: "20160325 [CVE-2016-2163] Stored Cross Site Scripting in Event description",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/537888/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-03-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://openmeetings.apache.org/security.html",
            },
            {
               name: "20160325 [CVE-2016-2163] Stored Cross Site Scripting in Event description",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/537888/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-2163",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
                     refsource: "CONFIRM",
                     url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/136433/Apache-OpenMeetings-3.0.7-Cross-Site-Scripting.html",
                  },
                  {
                     name: "http://openmeetings.apache.org/security.html",
                     refsource: "CONFIRM",
                     url: "http://openmeetings.apache.org/security.html",
                  },
                  {
                     name: "20160325 [CVE-2016-2163] Stored Cross Site Scripting in Event description",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/537888/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-2163",
      datePublished: "2016-04-11T14:00:00",
      dateReserved: "2016-01-29T00:00:00",
      dateUpdated: "2024-08-05T23:17:50.603Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-28936
Vulnerability from cvelistv5
Published
2023-05-12 07:45
Modified
2024-10-10 20:30
Severity ?
Summary
Attacker can access arbitrary recording/room. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T13:51:39.125Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread/y6vng44c22ll221rtvsv208x1pbjmdoc",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "openmeetings",
                  vendor: "apache",
                  versions: [
                     {
                        lessThan: "7.1.0",
                        status: "affected",
                        version: "2.0.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 5.3,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "LOW",
                     integrityImpact: "NONE",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-28936",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-10T20:26:04.896745Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-10T20:30:03.380Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "affected",
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     lessThan: "7.1.0",
                     status: "affected",
                     version: "2.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "reporter",
               value: "Stefan Schiller",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Attacker can access arbitrary recording/room<br><br>Vendor: The Apache Software Foundation<br><br>Versions&nbsp;Affected: Apache OpenMeetings from 2.0.0 before 7.1.0<br>",
                  },
               ],
               value: "Attacker can access arbitrary recording/room\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0\n",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     text: "critical",
                  },
                  type: "Textual description of severity",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-697",
                     description: "CWE-697 Incorrect Comparison",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-12T07:45:04.835Z",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.apache.org/thread/y6vng44c22ll221rtvsv208x1pbjmdoc",
            },
         ],
         source: {
            defect: [
               "OPENMEETINGS-2762",
            ],
            discovery: "EXTERNAL",
         },
         title: "Apache OpenMeetings: insufficient check of invitation hash",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2023-28936",
      datePublished: "2023-05-12T07:45:04.835Z",
      dateReserved: "2023-03-28T15:43:06.369Z",
      dateUpdated: "2024-10-10T20:30:03.380Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7673
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-08-05 16:12
Severity ?
Summary
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.
References
http://markmail.org/message/3hshl26omwjo6c5i (mailing-list, x_refsource_MLIST)
http://www.securityfocus.com/bid/99587 (vdb-entry, x_refsource_BID)
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:12:27.911Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[user] 20170713 CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://markmail.org/message/3hshl26omwjo6c5i",
               },
               {
                  name: "99587",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/99587",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "1.0.0",
                  },
               ],
            },
         ],
         datePublic: "2017-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-15T09:57:01",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "[user] 20170713 CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://markmail.org/message/3hshl26omwjo6c5i",
            },
            {
               name: "99587",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/99587",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               ID: "CVE-2017-7673",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache OpenMeetings",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[user] 20170713 CVE-2017-7673 - Apache OpenMeetings Insufficient check in dialogs with passwords",
                     refsource: "MLIST",
                     url: "http://markmail.org/message/3hshl26omwjo6c5i",
                  },
                  {
                     name: "99587",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/99587",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2017-7673",
      datePublished: "2017-07-14T15:00:00",
      dateReserved: "2017-04-11T00:00:00",
      dateUpdated: "2024-08-05T16:12:27.911Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2016-0784
Vulnerability from cvelistv5
Published
2016-04-11 14:00
Modified
2024-08-05 22:30
Severity ?
Summary
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T22:30:04.354Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
               },
               {
                  name: "39642",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/39642/",
               },
               {
                  name: "[oss-security] 20160325 [CVE-2016-0784] ZIP file path traversal",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://www.openwall.com/lists/oss-security/2016/03/25/2",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://openmeetings.apache.org/security.html",
               },
               {
                  name: "20160330 [CVE-2016-0784] Apache OpenMeetings ZIP file path traversal",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/537929/100/0/threaded",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2016-03-24T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-09T18:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
            },
            {
               name: "39642",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/39642/",
            },
            {
               name: "[oss-security] 20160325 [CVE-2016-0784] ZIP file path traversal",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://www.openwall.com/lists/oss-security/2016/03/25/2",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://openmeetings.apache.org/security.html",
            },
            {
               name: "20160330 [CVE-2016-0784] Apache OpenMeetings ZIP file path traversal",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/537929/100/0/threaded",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2016-0784",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code",
                     refsource: "MISC",
                     url: "http://haxx.ml/post/141655340521/all-your-meetings-are-belong-to-us-remote-code",
                  },
                  {
                     name: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
                     refsource: "CONFIRM",
                     url: "https://www.apache.org/dist/openmeetings/3.1.1/CHANGELOG",
                  },
                  {
                     name: "39642",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/39642/",
                  },
                  {
                     name: "[oss-security] 20160325 [CVE-2016-0784] ZIP file path traversal",
                     refsource: "MLIST",
                     url: "http://www.openwall.com/lists/oss-security/2016/03/25/2",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/136484/Apache-OpenMeetings-3.1.0-Path-Traversal.html",
                  },
                  {
                     name: "http://openmeetings.apache.org/security.html",
                     refsource: "CONFIRM",
                     url: "http://openmeetings.apache.org/security.html",
                  },
                  {
                     name: "20160330 [CVE-2016-0784] Apache OpenMeetings ZIP file path traversal",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/537929/100/0/threaded",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2016-0784",
      datePublished: "2016-04-11T14:00:00",
      dateReserved: "2015-12-16T00:00:00",
      dateUpdated: "2024-08-05T22:30:04.354Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7664
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-16 23:36
Severity ?
Summary
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
References
http://www.securityfocus.com/bid/99576 (vdb-entry, x_refsource_BID)
http://markmail.org/message/cwr552iapmhukb45 (mailing-list, x_refsource_MLIST)
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:12:28.233Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "99576",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/99576",
               },
               {
                  name: "[user] 20170713 CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://markmail.org/message/cwr552iapmhukb45",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "3.1.0",
                  },
               ],
            },
         ],
         datePublic: "2017-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "XML Validation",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-15T09:57:01",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "99576",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/99576",
            },
            {
               name: "[user] 20170713 CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://markmail.org/message/cwr552iapmhukb45",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2017-07-13T00:00:00",
               ID: "CVE-2017-7664",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache OpenMeetings",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "3.1.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "XML Validation",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "99576",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/99576",
                  },
                  {
                     name: "[user] 20170713 CVE-2017-7664 - Apache OpenMeetings - Missing XML Validation",
                     refsource: "MLIST",
                     url: "http://markmail.org/message/cwr552iapmhukb45",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2017-7664",
      datePublished: "2017-07-14T15:00:00Z",
      dateReserved: "2017-04-11T00:00:00",
      dateUpdated: "2024-09-16T23:36:16.238Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7682
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-16 22:09
Severity ?
Summary
Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas.
References
http://markmail.org/message/dbrbvf5k343ulivf (mailing-list, x_refsource_MLIST)
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:12:27.934Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[user] 20170713 CVE-2017-7682 - Apache OpenMeetings - Business Logic Bypass",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://markmail.org/message/dbrbvf5k343ulivf",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "3.2.0",
                  },
               ],
            },
         ],
         datePublic: "2017-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Business Logic Bypass",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-14T14:57:01",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "[user] 20170713 CVE-2017-7682 - Apache OpenMeetings - Business Logic Bypass",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://markmail.org/message/dbrbvf5k343ulivf",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2017-07-13T00:00:00",
               ID: "CVE-2017-7682",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache OpenMeetings",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "3.2.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Business Logic Bypass",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[user] 20170713 CVE-2017-7682 - Apache OpenMeetings - Business Logic Bypass",
                     refsource: "MLIST",
                     url: "http://markmail.org/message/dbrbvf5k343ulivf",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2017-7682",
      datePublished: "2017-07-14T15:00:00Z",
      dateReserved: "2017-04-11T00:00:00",
      dateUpdated: "2024-09-16T22:09:03.569Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2023-28326
Vulnerability from cvelistv5
Published
2023-03-28 12:36
Modified
2024-10-23 15:13
Severity ?
Summary
Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0. Description: Attacker can elevate their privileges in any room.
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T12:38:25.190Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9",
               },
            ],
            title: "CVE Program Container",
         },
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "openmeetings",
                  vendor: "apache",
                  versions: [
                     {
                        lessThan: "7.0.0",
                        status: "affected",
                        version: "2.0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "HIGH",
                     baseScore: 9.8,
                     baseSeverity: "CRITICAL",
                     confidentialityImpact: "HIGH",
                     integrityImpact: "HIGH",
                     privilegesRequired: "NONE",
                     scope: "UNCHANGED",
                     userInteraction: "NONE",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2023-28326",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-23T15:13:01.067926Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-23T15:13:50.704Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     lessThan: "7.0.0",
                     status: "affected",
                     version: "2.0.0",
                     versionType: "semver",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "reporter",
               value: "Dennis Zimmt",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Vendor: The Apache Software Foundation</p><p>Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0</p><p>Description: Attacker can elevate their privileges in any room</p><br>",
                  },
               ],
               value: "Vendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0\n\nDescription: Attacker can elevate their privileges in any room\n\n\n",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     text: "critical",
                  },
                  type: "Textual description of severity",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-306",
                     description: "CWE-306 Missing Authentication for Critical Function",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-03-28T12:36:11.566Z",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9",
            },
         ],
         source: {
            defect: [
               "OPENMEETINGS-2739",
            ],
            discovery: "UNKNOWN",
         },
         title: "Apache OpenMeetings: allows user impersonation",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2023-28326",
      datePublished: "2023-03-28T12:36:11.566Z",
      dateReserved: "2023-03-14T09:26:00.600Z",
      dateUpdated: "2024-10-23T15:13:50.704Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7663
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-17 03:08
Severity ?
Summary
Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.
References
http://www.securityfocus.com/bid/99577 (vdb-entry, x_refsource_BID)
http://markmail.org/message/aka2z2dq7icfw2p2 (mailing-list, x_refsource_MLIST)
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:12:27.768Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "99577",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/99577",
               },
               {
                  name: "[user] 20170713 CVE-2017-7663 - Apache OpenMeetings - XSS in chat",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://markmail.org/message/aka2z2dq7icfw2p2",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "3.2.0",
                  },
               ],
            },
         ],
         datePublic: "2017-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "XSS",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-15T09:57:01",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "99577",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/99577",
            },
            {
               name: "[user] 20170713 CVE-2017-7663 - Apache OpenMeetings - XSS in chat",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://markmail.org/message/aka2z2dq7icfw2p2",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2017-07-13T00:00:00",
               ID: "CVE-2017-7663",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache OpenMeetings",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "3.2.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "XSS",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "99577",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/99577",
                  },
                  {
                     name: "[user] 20170713 CVE-2017-7663 - Apache OpenMeetings - XSS in chat",
                     refsource: "MLIST",
                     url: "http://markmail.org/message/aka2z2dq7icfw2p2",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2017-7663",
      datePublished: "2017-07-14T15:00:00Z",
      dateReserved: "2017-04-11T00:00:00",
      dateUpdated: "2024-09-17T03:08:15.636Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2017-7683
Vulnerability from cvelistv5
Published
2017-07-14 15:00
Modified
2024-09-16 18:33
Severity ?
Summary
Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.
References
http://markmail.org/message/hint6fp66lijqdvu (mailing-list, x_refsource_MLIST)
Impacted products


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T16:12:27.821Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "[user] 20170713 CVE-2017-7683 - Apache OpenMeetings - Information Disclosure",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://markmail.org/message/hint6fp66lijqdvu",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     status: "affected",
                     version: "1.0.0",
                  },
               ],
            },
         ],
         datePublic: "2017-07-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Information Disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-14T14:57:01",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               name: "[user] 20170713 CVE-2017-7683 - Apache OpenMeetings - Information Disclosure",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://markmail.org/message/hint6fp66lijqdvu",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               DATE_PUBLIC: "2017-07-13T00:00:00",
               ID: "CVE-2017-7683",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache OpenMeetings",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "1.0.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Information Disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "[user] 20170713 CVE-2017-7683 - Apache OpenMeetings - Information Disclosure",
                     refsource: "MLIST",
                     url: "http://markmail.org/message/hint6fp66lijqdvu",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2017-7683",
      datePublished: "2017-07-14T15:00:00Z",
      dateReserved: "2017-04-11T00:00:00",
      dateUpdated: "2024-09-16T18:33:49.648Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-27576
Vulnerability from cvelistv5
Published
2021-03-15 09:05
Modified
2025-02-13 16:27
Severity ?
Summary
It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0.
Impacted products
Vendor: Apache Software Foundation
Product: Apache OpenMeetings
Version: 4.0.0 < Apache OpenMeetings 4*
Version: Apache OpenMeetings 5 ≤ 5.1.0


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T21:26:09.671Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://lists.apache.org/thread.html/r9bb615bd70a0197368f5f3ffc887162686caeb0b5fc30592a7a871e9%40%3Cuser.openmeetings.apache.org%3E",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Apache OpenMeetings",
               vendor: "Apache Software Foundation",
               versions: [
                  {
                     lessThan: "Apache OpenMeetings 4*",
                     status: "affected",
                     version: "4.0.0",
                     versionType: "custom",
                  },
                  {
                     lessThanOrEqual: "5.1.0",
                     status: "affected",
                     version: "Apache OpenMeetings 5",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "This issue was identified by Trung Le, Chi Tran, Linh Cua",
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Server bandwidth overload",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-08-03T21:27:40.000Z",
            orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            shortName: "apache",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://lists.apache.org/thread.html/r9bb615bd70a0197368f5f3ffc887162686caeb0b5fc30592a7a871e9%40%3Cuser.openmeetings.apache.org%3E",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Apache OpenMeetings: bandwidth can be overloaded with public web service",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@apache.org",
               ID: "CVE-2021-27576",
               STATE: "PUBLIC",
               TITLE: "Apache OpenMeetings: bandwidth can be overloaded with public web service",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Apache OpenMeetings",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: ">=",
                                          version_name: "Apache OpenMeetings 4",
                                          version_value: "4.0.0",
                                       },
                                       {
                                          version_affected: "<=",
                                          version_name: "Apache OpenMeetings 5",
                                          version_value: "5.1.0",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Apache Software Foundation",
                     },
                  ],
               },
            },
            credit: [
               {
                  lang: "eng",
                  value: "This issue was identified by Trung Le, Chi Tran, Linh Cua",
               },
            ],
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0",
                  },
               ],
            },
            generator: {
               engine: "Vulnogram 0.0.9",
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Server bandwidth overload",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://lists.apache.org/thread.html/r9bb615bd70a0197368f5f3ffc887162686caeb0b5fc30592a7a871e9%40%3Cuser.openmeetings.apache.org%3E",
                     refsource: "MISC",
                     url: "https://lists.apache.org/thread.html/r9bb615bd70a0197368f5f3ffc887162686caeb0b5fc30592a7a871e9%40%3Cuser.openmeetings.apache.org%3E",
                  },
               ],
            },
            source: {
               discovery: "UNKNOWN",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09",
      assignerShortName: "apache",
      cveId: "CVE-2021-27576",
      datePublished: "2021-03-15T09:05:17.000Z",
      dateReserved: "2021-02-23T00:00:00.000Z",
      dateUpdated: "2025-02-13T16:27:56.370Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}