28 matches found
CVE-2020-13951
CVE-2020-13951 affects Apache OpenMeetings where a DoS can be triggered via the public NetTest web service in versions 4.0.0–5.0.0. The vulnerability description in connected sources confirms that remote attackers can organize a denial-of-service attack using the NetTest endpoint; exploit details...
CVE-2021-27576
CVE-2021-27576 concerns Apache OpenMeetings where the NetTest web service can be abused to overload the server’s bandwidth, resulting in a denial-of-service. The issue is described as a remote DoS with the NetTest component and is noted to have been addressed in Apache OpenMeetings 6.0.0. Public ...
CVE-2024-54676
CVE-2024-54676 affects Apache OpenMeetings (2.1.0 up to 8.0.0, multiple entries across feeds). The issue is deserialization of untrusted data in cluster mode due to clustering instructions not specifying OpenJPA white/blacklists. Affected users are advised to upgrade to OpenMeetings 8.0.0 and to ...
CVE-2023-28326
CVE-2023-28326 affects Apache OpenMeetings 2.0.0 up to, but not including, 7.0.0. The root cause is an access control error where meeting invitation URLs lack authentication, enabling an attacker to impersonate users and elevate privileges within a meeting room. Publicly documented by GHSA and re...
CVE-2017-7663
CVE-2017-7663 corresponds to an XSS vulnerability in Apache OpenMeetings 3.2.0, affecting both global and Room chat. The issue is publicly described as a cross-site scripting flaw in the OpenMeetings 3.2.0 release, with remediation noted as a fix in version 3.3.0. The NVD entry lists CVSS scores ...
CVE-2017-7683
CVE-2017-7683 affects Apache OpenMeetings 1.0.0, where error handling discloses the Tomcat version and a detailed stack trace. This information leakage can aid attackers by revealing server details. The advisory notes the issue is fixed in OpenMeetings 3.3.0; upgrading to >=3.3.0 is the recomm...
CVE-2017-7682
Summary: Apache OpenMeetings 3.2.0 is described as vulnerable to parameter manipulation attacks, enabling access to restricted areas (CVE-2017-7682). The Connected documents corroborate the same issue across multiple feeds (NVD, GHSA, OSV, CNVD, CNVD, etc.). Affected product/version: OpenMeetings...
CVE-2016-2164
The CVE-2016-2164 issue affects Apache OpenMeetings prior to 3.1.1. The vulnerability stems from the FileService.importFileByInternalUserId and FileService.importFile SOAP APIs, which improperly use the Java URL class without validating the protocol handler, allowing remote attackers to read arbi...
CVE-2017-7684
CVE-2017-7684 affects Apache OpenMeetings 1.0.0. The vulnerability arises from not checking the contents of uploaded files, enabling an attacker to cause a Denial of Service by uploading multiple large files. Public sources (NVD, OSV) describe impact as high (CVSS v3 base 7.5) with network access...
CVE-2017-7688
Apache OpenMeetings 1.0.0 is affected by an insecure password update vulnerability described as updating user passwords in an insecure manner. Multiple connected sources (NVD entry CVE-2017-7688; GHSA-XHJ7-JR45-5W8R; OSV and OpenVAS entries) confirm the issue and indicate it affects OpenMeetings ...
CVE-2017-7673
Apache OpenMeetings 1.0.0 is affected by CVE-2017-7673 due to weak cryptographic storage and missing brute-force protection in authentication-related forms, with registration and password-reset flows lacking captcha. Connected docs confirm the vulnerability details but do not provide a remediatio...
CVE-2017-7664
CVE-2017-7664 affects Apache OpenMeetings where uploaded XML documents were not correctly validated in version 3.1.0. The associated advisories indicate this was a remote issue due to missing XML validation, with a remediation noted as upgrading to 3.3.0 (the fix). The NVD metrics show a high bas...
CVE-2023-28936
CVE-2023-28936 affects Apache OpenMeetings 2.0.0 to before 7.1.0. Multiple connected entries (GHSA/OSV/NVD/CNVD) describe an insufficient authorization vulnerability that allows an attacker to access arbitrary recordings/rooms. Exploitation details are not provided in the supplied documents; no r...
CVE-2017-7666
CVE-2017-7666 affects Apache OpenMeetings 1.0.0 and exposes CSRF, XSS, click‑jacking, and MIME-based attacks. The issue is addressed in OpenMeetings 3.3.0; remediation is to upgrade to at least 3.3.0. Exploitation details are not provided in the supplied documents.
CVE-2017-7680
CVE-2017-7680 affects Apache OpenMeetings 1.0.0. The issue is an overly permissive crossdomain.xml file, allowing flash content to be loaded from untrusted domains. Root cause: crossdomain policy grants loading from external domains, enabling potential cross-domain interactions. Impact is the abi...
CVE-2017-7681
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection (CVE-2017-7681), enabling authenticated users to modify query structures and disclose data from other queries. Multiple connected sources confirm the issue and state that it is fixed in version 3.3.0. Affected component: OpenMeetings server...
CVE-2018-1286
CVE-2018-1286 affects Apache OpenMeetings versions 3.0.0–4.0.1. The root cause is that CRUD operations on privileged users are not password protected, enabling an authenticated attacker to deny service for privileged users. The impact described is denial of service against privileged accounts; no...
CVE-2017-7685
Apache OpenMeetings 1.0.0 is reported to respond to insecure HTTP methods (PUT, DELETE, HEAD, PATCH). The available connected sources confirm this behavior but do not provide concrete details on root cause, affected versions beyond 1.0.0, exploit scenarios, or remediation steps. No fixes or mitig...
CVE-2016-2163
CVE-2016-2163 affects Apache OpenMeetings prior to 3.1.1. The issue is a Cross-Site Scripting (XSS) in the event creation flow where the event description can be crafted to inject script/HTML. Root cause is insufficient validation of input in the event description field. Impact is remote, unauthe...
CVE-2016-0783
CVE-2016-0783 affects Apache OpenMeetings prior to 3.1.1. The vulnerability resides in the sendHashByUser function, which generates password reset tokens deterministically using a username and the current system time, enabling remote attackers to reset arbitrary user passwords under that knowledg...
CVE-2023-29246
CVE-2023-29246 affects Apache OpenMeetings 2.0.0–7.1.0. A code execution vulnerability arises from improper input validation, enabling RCE via null-byte injection once an admin account is compromised. Several sources corroborate the affected product/version range and the RCE impact. Mitigation in...
CVE-2016-8736
Apache OpenMeetings (before 3.1.2) is vulnerable to Remote Code Execution via RMI deserialization. The root cause is deserialization of untrusted data in the RMI path, enabling an attacker to execute arbitrary code on the affected server. Public advisories reference OpenMeetings RCE through this ...
CVE-2016-3089
CVE-2016-3089 affects Apache OpenMeetings (SWF panel). The vulnerability arises from insufficient input filtering of the swf parameter, enabling cross-site scripting (XSS). Affected version line is OpenMeetings before 3.1.2; exploitation would allow remote injection of script/HTML via the swf par...
CVE-2016-0784
CVE-2016-0784 is a directory traversal vulnerability in Apache OpenMeetings’ Import/Export System Backups. Versions before 3.1.1 are affected and allow remote authenticated administrators to write arbitrary files via crafted ZIP entries that use ".." in the path. Root cause: missing validation of...
CVE-2023-29032
Summary of CVE-2023-29032 (Apache OpenMeetings) Multiple connected sources corroborate a vulnerability in Apache OpenMeetings affecting versions 3.1.3 through 7.1.0, caused by an authorization/privilege-management issue that enables an attacker to impersonate another user. The core impact is impr...
CVE-2026-34020
CVE-2026-34020 affects Apache OpenMeetings (versions 3.1.3 through 8.9.99). The REST login endpoint uses HTTP GET with username and password passed as query parameters, exposing credentials in server logs, browser history, and potentially network monitoring. The issue is mitigated by upgrading to...
CVE-2026-33005
Apache OpenMeetings is affected by an Improper Handling of Insufficient Privileges vulnerability. A registered user can query the web service with their credentials and retrieve metadata (e.g., id, type, name, and other FileItemDTO fields) for files and sub-folders of any folder by ID, with no co...
CVE-2026-33266
CVE-2026-33266 : Apache OpenMeetings is affected by a hard-coded remember-me cookie encryption key in openmeetings.properties, not auto-rotated. If an admin does not change the default key, a cookie stolen from a logged-in user can expose full user credentials. Affected versions: 6.1.0 up to 9.0....