fkie_cve-2017-7688
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2025-04-20 01:37
Severity ?
Summary
Apache OpenMeetings 1.0.0 updates user password in insecure manner.
References
▼ | URL | Tags | |
---|---|---|---|
security@apache.org | http://markmail.org/message/ctsiiqtekzsun6fi | Mailing List, Third Party Advisory | |
security@apache.org | http://www.securityfocus.com/bid/99586 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://markmail.org/message/ctsiiqtekzsun6fi | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99586 | Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | openmeetings | 1.0.0 | |
apache | openmeetings | 2.0 | |
apache | openmeetings | 2.1 | |
apache | openmeetings | 2.1.1 | |
apache | openmeetings | 2.2.0 | |
apache | openmeetings | 3.0.0 | |
apache | openmeetings | 3.0.1 | |
apache | openmeetings | 3.0.2 | |
apache | openmeetings | 3.0.3 | |
apache | openmeetings | 3.0.4 | |
apache | openmeetings | 3.0.5 | |
apache | openmeetings | 3.0.6 | |
apache | openmeetings | 3.0.7 | |
apache | openmeetings | 3.1.0 | |
apache | openmeetings | 3.1.1 | |
apache | openmeetings | 3.1.2 | |
apache | openmeetings | 3.1.3 | |
apache | openmeetings | 3.1.4 | |
apache | openmeetings | 3.1.5 | |
apache | openmeetings | 3.2.0 | |
apache | openmeetings | 3.2.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "72B6167B-E822-4146-87F2-E2769DC85F99", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*", matchCriteriaId: "8CDA54EE-9AE1-4551-8C24-D2077515029C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*", matchCriteriaId: "AB137AFF-1BB8-4FFC-9247-376718AAFEB2", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*", matchCriteriaId: "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*", matchCriteriaId: "E44AAC6C-13E1-423B-BB4C-4C92B763DE34", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "268D5F6C-F1E8-400B-8D79-A79A9481DFDE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*", matchCriteriaId: "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*", matchCriteriaId: "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*", matchCriteriaId: "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*", matchCriteriaId: "94BB2711-23CA-4FA5-8868-664A839F7EAA", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*", matchCriteriaId: "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*", matchCriteriaId: "96D13854-BD10-4404-89A7-F6D398680628", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*", matchCriteriaId: "3EC465AB-5CA6-4C97-8544-59D3236A7123", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "DC811824-EA8F-49F6-B732-10731A1BC0EF", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*", matchCriteriaId: "8AFF29DC-46BA-4505-A921-42C783BC4C8F", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*", matchCriteriaId: "085A80B3-B880-428D-AF1D-BED61C31E304", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*", matchCriteriaId: "46036494-F97D-4C02-A630-102D9E7DE2CE", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*", matchCriteriaId: "A2C208B6-E86A-4F73-B078-BA47BA1B162D", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*", matchCriteriaId: "331EDEB7-D823-43C6-9D8B-E872F921A328", vulnerable: true, }, { criteria: "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*", matchCriteriaId: "B8D44A5F-C7BD-4CC2-9065-179FA92301C9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Apache OpenMeetings 1.0.0 updates user password in insecure manner.", }, { lang: "es", value: "Apache OpenMeetings versión 1.0.0, actualiza la contraseña de usuario de manera no confiable.", }, ], id: "CVE-2017-7688", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-17T13:18:30.047", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://markmail.org/message/ctsiiqtekzsun6fi", }, { source: "security@apache.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99586", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://markmail.org/message/ctsiiqtekzsun6fi", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/99586", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.