Apache: >> Openmeetings >> 6.3.0 Security Vulnerabilities
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0
Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data.
Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.
CVSS Score
9.8
EPSS Score
0.023
Published
2025-01-08
Attacker can access arbitrary recording/room
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
CVSS Score
5.3
EPSS Score
0.002
Published
2023-05-12
An attacker that has gained access to certain private information can use this to act as other user.
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0
CVSS Score
8.1
EPSS Score
0.001
Published
2023-05-12
An attacker who has gained access to an admin account can perform RCE via null-byte injection
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
CVSS Score
7.2
EPSS Score
0.001
Published
2023-05-12
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0
Description: Attacker can elevate their privileges in any room
CVSS Score
9.8
EPSS Score
0.002
Published
2023-03-28