Vulnerabilities > Apache > Openmeetings > 3.1.2

DATE CVE VULNERABILITY TITLE RISK
2025-01-08 CVE-2024-54676 Unspecified vulnerability in Apache Openmeetings
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html  doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.
network
low complexity
apache
critical
9.8
2023-05-12 CVE-2023-28936 Unspecified vulnerability in Apache Openmeetings
Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
network
low complexity
apache
5.3
2023-05-12 CVE-2023-29246 Unspecified vulnerability in Apache Openmeetings
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
network
low complexity
apache
7.2
2023-03-28 CVE-2023-28326 Unspecified vulnerability in Apache Openmeetings
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room
network
low complexity
apache
critical
9.8
2018-02-28 CVE-2018-1286 Improper Authentication vulnerability in Apache Openmeetings
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.
network
low complexity
apache CWE-287
6.5
2017-07-17 CVE-2017-7688 Unspecified vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 updates user password in insecure manner.
network
low complexity
apache
7.5
2017-07-17 CVE-2017-7685 Unspecified vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.
network
low complexity
apache
5.3
2017-07-17 CVE-2017-7684 Resource Exhaustion vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded.
network
low complexity
apache CWE-400
7.5
2017-07-17 CVE-2017-7683 Information Exposure vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.
network
low complexity
apache CWE-200
7.5
2017-07-17 CVE-2017-7681 SQL Injection vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection.
network
low complexity
apache CWE-89
8.8