Lucene search
ApacheCVE-2023-29246HistoryMay 12, 2023 - 8:15 a.m.
CVE-2023-29246
2023-05-1208:15:08
CWE-20
apache
web.nvd.nist.gov
25
cve-2023-29246
apache
rce
null-byte injection
security vulnerability
nvd
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
7
Confidence
High
EPSS
0.001
Percentile
30.7%
An attacker who has gained access to an admin account can perform RCE via null-byte injection
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
Affected configurations
Node
apacheopenmeetingsRange2.0.0–7.1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apache | openmeetings | * | cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache OpenMeetings",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "7.1.0",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
]Related
osv
osv
CVE-2023-29246
2023-05-12 08:15:08
veracode
veracode
Remote Code Execution (RCE)
2023-05-19 05:17:09
nvd
nvd
CVE-2023-29246
2023-05-12 08:15:08
github
github
prion
prion
Design/Logic Flaw
2023-05-12 08:15:00
cvelist
cvelist
CVE-2023-29246 Apache OpenMeetings: allows null-byte Injection
2023-05-12 07:43:20
cnvd
cnvd
Apache OpenMeetings Code Execution Vulnerability
2023-05-17 00:00:00
openvas
openvas
Apache OpenMeetings 2.0.0 < 7.1.0 Multiple Vulnerabilities
2023-05-15 00:00:00
thn
thn
CVSS3
7.2
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AI Score
7
Confidence
High
EPSS
0.001
Percentile
30.7%
Related for CVE-2023-29246