Vulnerabilities > Apereo > Opencast
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-30 | CVE-2020-5230 | Injection vulnerability in Apereo Opencast Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. | 5.0 |
| 2020-01-30 | CVE-2020-5222 | Use of Hard-coded Credentials vulnerability in Apereo Opencast Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an additional system key. | 6.5 |
| 2020-01-30 | CVE-2020-5229 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apereo Opencast Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. | 5.5 |
| 2020-01-30 | CVE-2020-5228 | Missing Authorization vulnerability in Apereo Opencast Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. | 5.0 |
| 2017-11-17 | CVE-2017-1000221 | Incorrect Permission Assignment for Critical Resource vulnerability in Apereo Opencast In Opencast 2.2.3 and older if user names overlap, the Opencast search service used for publication to the media modules and players will handle the access control incorrectly so that users only need to match part of the user name used for the access restriction. | 4.0 |