Vulnerabilities > Apache > Openmeetings > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-03-28 CVE-2023-28326 Unspecified vulnerability in Apache Openmeetings
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room
network
low complexity
apache
critical
9.8
2017-10-12 CVE-2016-8736 Deserialization of Untrusted Data vulnerability in Apache Openmeetings
Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.
network
low complexity
apache CWE-502
critical
9.8
2017-07-17 CVE-2017-7664 XXE vulnerability in Apache Openmeetings
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
network
low complexity
apache CWE-611
critical
10.0
2017-07-17 CVE-2017-7673 Improper Restriction of Excessive Authentication Attempts vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.
network
low complexity
apache CWE-307
critical
9.8