Lucene search
K
ApacheOpenmeetings

28 matches found

CVE
CVE
added 2020/09/30 5:22 p.m.117 views

CVE-2020-13951

CVE-2020-13951 affects Apache OpenMeetings where a DoS can be triggered via the public NetTest web service in versions 4.0.0–5.0.0. The vulnerability description in connected sources confirms that remote attackers can organize a denial-of-service attack using the NetTest endpoint; exploit details...

7.5CVSS7.3AI score0.70365EPSS
Web
CVE
CVE
added 2021/03/15 9:5 a.m.96 views

CVE-2021-27576

CVE-2021-27576 concerns Apache OpenMeetings where the NetTest web service can be abused to overload the server’s bandwidth, resulting in a denial-of-service. The issue is described as a remote DoS with the NetTest component and is noted to have been addressed in Apache OpenMeetings 6.0.0. Public ...

7.5CVSS7.3AI score0.0284EPSS
CVE
CVE
added 2025/01/08 8:40 a.m.90 views

CVE-2024-54676

CVE-2024-54676 affects Apache OpenMeetings (2.1.0 up to 8.0.0, multiple entries across feeds). The issue is deserialization of untrusted data in cluster mode due to clustering instructions not specifying OpenJPA white/blacklists. Affected users are advised to upgrade to OpenMeetings 8.0.0 and to ...

9.8CVSS6.6AI score0.65176EPSS
CVE
CVE
added 2023/03/28 12:36 p.m.84 views

CVE-2023-28326

CVE-2023-28326 affects Apache OpenMeetings 2.0.0 up to, but not including, 7.0.0. The root cause is an access control error where meeting invitation URLs lack authentication, enabling an attacker to impersonate users and elevate privileges within a meeting room. Publicly documented by GHSA and re...

9.8CVSS9.5AI score0.01262EPSS
CVE
CVE
added 2017/07/14 3:0 p.m.77 views

CVE-2017-7663

CVE-2017-7663 corresponds to an XSS vulnerability in Apache OpenMeetings 3.2.0, affecting both global and Room chat. The issue is publicly described as a cross-site scripting flaw in the OpenMeetings 3.2.0 release, with remediation noted as a fix in version 3.3.0. The NVD entry lists CVSS scores ...

6.1CVSS6.2AI score0.02666EPSS
CVE
CVE
added 2017/07/14 3:0 p.m.76 views

CVE-2017-7683

CVE-2017-7683 affects Apache OpenMeetings 1.0.0, where error handling discloses the Tomcat version and a detailed stack trace. This information leakage can aid attackers by revealing server details. The advisory notes the issue is fixed in OpenMeetings 3.3.0; upgrading to >=3.3.0 is the recomm...

7.5CVSS7.6AI score0.01996EPSS
CVE
CVE
added 2017/07/14 3:0 p.m.75 views

CVE-2017-7682

Summary: Apache OpenMeetings 3.2.0 is described as vulnerable to parameter manipulation attacks, enabling access to restricted areas (CVE-2017-7682). The Connected documents corroborate the same issue across multiple feeds (NVD, GHSA, OSV, CNVD, CNVD, etc.). Affected product/version: OpenMeetings...

8.2CVSS8.1AI score0.01642EPSS
CVE
CVE
added 2016/04/11 2:0 p.m.74 views

CVE-2016-2164

The CVE-2016-2164 issue affects Apache OpenMeetings prior to 3.1.1. The vulnerability stems from the FileService.importFileByInternalUserId and FileService.importFile SOAP APIs, which improperly use the Java URL class without validating the protocol handler, allowing remote attackers to read arbi...

7.5CVSS7.4AI score0.07009EPSS
CVE
CVE
added 2017/07/14 3:0 p.m.72 views

CVE-2017-7684

CVE-2017-7684 affects Apache OpenMeetings 1.0.0. The vulnerability arises from not checking the contents of uploaded files, enabling an attacker to cause a Denial of Service by uploading multiple large files. Public sources (NVD, OSV) describe impact as high (CVSS v3 base 7.5) with network access...

7.5CVSS7.3AI score0.02813EPSS
CVE
CVE
added 2017/07/14 3:0 p.m.70 views

CVE-2017-7688

Apache OpenMeetings 1.0.0 is affected by an insecure password update vulnerability described as updating user passwords in an insecure manner. Multiple connected sources (NVD entry CVE-2017-7688; GHSA-XHJ7-JR45-5W8R; OSV and OpenVAS entries) confirm the issue and indicate it affects OpenMeetings ...

7.5CVSS7.6AI score0.0297EPSS
CVE
CVE
added 2017/07/14 3:0 p.m.69 views

CVE-2017-7673

Apache OpenMeetings 1.0.0 is affected by CVE-2017-7673 due to weak cryptographic storage and missing brute-force protection in authentication-related forms, with registration and password-reset flows lacking captcha. Connected docs confirm the vulnerability details but do not provide a remediatio...

9.8CVSS9.5AI score0.01647EPSS
CVE
CVE
added 2017/07/14 3:0 p.m.68 views

CVE-2017-7664

CVE-2017-7664 affects Apache OpenMeetings where uploaded XML documents were not correctly validated in version 3.1.0. The associated advisories indicate this was a remote issue due to missing XML validation, with a remediation noted as upgrading to 3.3.0 (the fix). The NVD metrics show a high bas...

10CVSS9.4AI score0.02346EPSS
CVE
CVE
added 2023/05/12 7:45 a.m.67 views

CVE-2023-28936

CVE-2023-28936 affects Apache OpenMeetings 2.0.0 to before 7.1.0. Multiple connected entries (GHSA/OSV/NVD/CNVD) describe an insufficient authorization vulnerability that allows an attacker to access arbitrary recordings/rooms. Exploitation details are not provided in the supplied documents; no r...

5.3CVSS5.8AI score0.01204EPSS
CVE
CVE
added 2017/07/14 3:0 p.m.66 views

CVE-2017-7666

CVE-2017-7666 affects Apache OpenMeetings 1.0.0 and exposes CSRF, XSS, click‑jacking, and MIME-based attacks. The issue is addressed in OpenMeetings 3.3.0; remediation is to upgrade to at least 3.3.0. Exploitation details are not provided in the supplied documents.

8.8CVSS8.5AI score0.00804EPSS
CVE
CVE
added 2017/07/14 3:0 p.m.64 views

CVE-2017-7680

CVE-2017-7680 affects Apache OpenMeetings 1.0.0. The issue is an overly permissive crossdomain.xml file, allowing flash content to be loaded from untrusted domains. Root cause: crossdomain policy grants loading from external domains, enabling potential cross-domain interactions. Impact is the abi...

7.5CVSS7.5AI score0.01807EPSS
CVE
CVE
added 2017/07/14 3:0 p.m.64 views

CVE-2017-7681

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection (CVE-2017-7681), enabling authenticated users to modify query structures and disclose data from other queries. Multiple connected sources confirm the issue and state that it is fixed in version 3.3.0. Affected component: OpenMeetings server...

8.8CVSS8.8AI score0.01285EPSS
CVE
CVE
added 2018/02/28 6:0 p.m.63 views

CVE-2018-1286

CVE-2018-1286 affects Apache OpenMeetings versions 3.0.0–4.0.1. The root cause is that CRUD operations on privileged users are not password protected, enabling an authenticated attacker to deny service for privileged users. The impact described is denial of service against privileged accounts; no...

6.5CVSS6.5AI score0.01106EPSS
CVE
CVE
added 2017/07/14 3:0 p.m.61 views

CVE-2017-7685

Apache OpenMeetings 1.0.0 is reported to respond to insecure HTTP methods (PUT, DELETE, HEAD, PATCH). The available connected sources confirm this behavior but do not provide concrete details on root cause, affected versions beyond 1.0.0, exploit scenarios, or remediation steps. No fixes or mitig...

5.3CVSS5.6AI score0.0286EPSS
CVE
CVE
added 2016/04/11 2:0 p.m.59 views

CVE-2016-2163

CVE-2016-2163 affects Apache OpenMeetings prior to 3.1.1. The issue is a Cross-Site Scripting (XSS) in the event creation flow where the event description can be crafted to inject script/HTML. Root cause is insufficient validation of input in the event description field. Impact is remote, unauthe...

6.1CVSS6.1AI score0.07974EPSS
CVE
CVE
added 2016/04/11 2:0 p.m.58 views

CVE-2016-0783

CVE-2016-0783 affects Apache OpenMeetings prior to 3.1.1. The vulnerability resides in the sendHashByUser function, which generates password reset tokens deterministically using a username and the current system time, enabling remote attackers to reset arbitrary user passwords under that knowledg...

7.5CVSS7.6AI score0.07104EPSS
CVE
CVE
added 2023/05/12 7:43 a.m.56 views

CVE-2023-29246

CVE-2023-29246 affects Apache OpenMeetings 2.0.0–7.1.0. A code execution vulnerability arises from improper input validation, enabling RCE via null-byte injection once an admin account is compromised. Several sources corroborate the affected product/version range and the RCE impact. Mitigation in...

7.2CVSS7.1AI score0.0147EPSS
CVE
CVE
added 2017/10/12 6:0 p.m.55 views

CVE-2016-8736

Apache OpenMeetings (before 3.1.2) is vulnerable to Remote Code Execution via RMI deserialization. The root cause is deserialization of untrusted data in the RMI path, enabling an attacker to execute arbitrary code on the affected server. Public advisories reference OpenMeetings RCE through this ...

9.8CVSS9.7AI score0.04781EPSS
CVE
CVE
added 2016/08/19 9:0 p.m.54 views

CVE-2016-3089

CVE-2016-3089 affects Apache OpenMeetings (SWF panel). The vulnerability arises from insufficient input filtering of the swf parameter, enabling cross-site scripting (XSS). Affected version line is OpenMeetings before 3.1.2; exploitation would allow remote injection of script/HTML via the swf par...

6.1CVSS6.1AI score0.04858EPSS
CVE
CVE
added 2016/04/11 2:0 p.m.51 views

CVE-2016-0784

CVE-2016-0784 is a directory traversal vulnerability in Apache OpenMeetings’ Import/Export System Backups. Versions before 3.1.1 are affected and allow remote authenticated administrators to write arbitrary files via crafted ZIP entries that use ".." in the path. Root cause: missing validation of...

6.5CVSS6.3AI score0.56314EPSS
Web
CVE
CVE
added 2023/05/12 7:43 a.m.50 views

CVE-2023-29032

Summary of CVE-2023-29032 (Apache OpenMeetings) Multiple connected sources corroborate a vulnerability in Apache OpenMeetings affecting versions 3.1.3 through 7.1.0, caused by an authorization/privilege-management issue that enables an attacker to impersonate another user. The core impact is impr...

8.1CVSS7.9AI score0.01093EPSS
CVE
CVE
added 2026/04/09 3:52 p.m.22 views

CVE-2026-34020

CVE-2026-34020 affects Apache OpenMeetings (versions 3.1.3 through 8.9.99). The REST login endpoint uses HTTP GET with username and password passed as query parameters, exposing credentials in server logs, browser history, and potentially network monitoring. The issue is mitigated by upgrading to...

7.5CVSS5.8AI score0.00509EPSS
CVE
CVE
added 2026/04/09 3:52 p.m.15 views

CVE-2026-33005

Apache OpenMeetings is affected by an Improper Handling of Insufficient Privileges vulnerability. A registered user can query the web service with their credentials and retrieve metadata (e.g., id, type, name, and other FileItemDTO fields) for files and sub-folders of any folder by ID, with no co...

4.3CVSS5.8AI score0.00418EPSS
CVE
CVE
added 2026/04/09 3:52 p.m.14 views

CVE-2026-33266

CVE-2026-33266 : Apache OpenMeetings is affected by a hard-coded remember-me cookie encryption key in openmeetings.properties, not auto-rotated. If an admin does not change the default key, a cookie stolen from a logged-in user can expose full user credentials. Affected versions: 6.1.0 up to 9.0....

7.5CVSS5.9AI score0.00234EPSS