Vulnerabilities > Apache > Openmeetings > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-12 CVE-2023-29032 Unspecified vulnerability in Apache Openmeetings
An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0
network
high complexity
apache
8.1
2023-05-12 CVE-2023-29246 Unspecified vulnerability in Apache Openmeetings
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
network
low complexity
apache
7.2
2021-03-15 CVE-2021-27576 Unspecified vulnerability in Apache Openmeetings
If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server.
network
low complexity
apache
7.5
2020-09-30 CVE-2020-13951 Unspecified vulnerability in Apache Openmeetings
Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.
network
low complexity
apache
7.5
2017-07-17 CVE-2017-7688 Unspecified vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 updates user password in insecure manner.
network
low complexity
apache
7.5
2017-07-17 CVE-2017-7684 Resource Exhaustion vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded.
network
low complexity
apache CWE-400
7.5
2017-07-17 CVE-2017-7683 Information Exposure vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.
network
low complexity
apache CWE-200
7.5
2017-07-17 CVE-2017-7682 Unspecified vulnerability in Apache Openmeetings 3.2.0/3.2.1
Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas.
network
low complexity
apache
8.2
2017-07-17 CVE-2017-7681 SQL Injection vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection.
network
low complexity
apache CWE-89
8.8
2017-07-17 CVE-2017-7680 Unspecified vulnerability in Apache Openmeetings
Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file.
network
low complexity
apache
7.5