Apache: >> Openmeetings Security Vulnerabilities
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0
Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data.
Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.
CVSS Score
9.8
EPSS Score
0.023
Published
2025-01-08
Attacker can access arbitrary recording/room
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
CVSS Score
5.3
EPSS Score
0.002
Published
2023-05-12
An attacker that has gained access to certain private information can use this to act as other user.
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0
CVSS Score
8.1
EPSS Score
0.001
Published
2023-05-12
An attacker who has gained access to an admin account can perform RCE via null-byte injection
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
CVSS Score
7.2
EPSS Score
0.001
Published
2023-05-12
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0
Description: Attacker can elevate their privileges in any room
CVSS Score
9.8
EPSS Score
0.002
Published
2023-03-28
If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0
CVSS Score
7.5
EPSS Score
0.059
Published
2021-03-15
Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.
CVSS Score
7.5
EPSS Score
0.495
Published
2020-09-30
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-02-28
Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.
CVSS Score
9.8
EPSS Score
0.061
Published
2017-10-12
Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.
CVSS Score
5.3
EPSS Score
0.011
Published
2017-07-17
Page 1