Vulnerabilities > Apache > Openmeetings

DATE CVE VULNERABILITY TITLE RISK
2023-05-12 CVE-2023-28936 Unspecified vulnerability in Apache Openmeetings
Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
network
low complexity
apache
5.3
2023-05-12 CVE-2023-29032 Unspecified vulnerability in Apache Openmeetings
An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0
network
high complexity
apache
8.1
2023-05-12 CVE-2023-29246 Unspecified vulnerability in Apache Openmeetings
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
network
low complexity
apache
7.2
2023-03-28 CVE-2023-28326 Unspecified vulnerability in Apache Openmeetings
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room
network
low complexity
apache
critical
9.8
2021-03-15 CVE-2021-27576 Unspecified vulnerability in Apache Openmeetings
If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server.
network
low complexity
apache
7.5
2020-09-30 CVE-2020-13951 Unspecified vulnerability in Apache Openmeetings
Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.
network
low complexity
apache
7.5
2018-02-28 CVE-2018-1286 Improper Authentication vulnerability in Apache Openmeetings
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.
network
low complexity
apache CWE-287
6.5
2017-10-12 CVE-2016-8736 Deserialization of Untrusted Data vulnerability in Apache Openmeetings
Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.
network
low complexity
apache CWE-502
critical
9.8
2017-07-17 CVE-2017-7688 Unspecified vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 updates user password in insecure manner.
network
low complexity
apache
7.5
2017-07-17 CVE-2017-7685 Unspecified vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.
network
low complexity
apache
5.3