Shodan
Vulnerabilities
Vulnerable Software
Apache:  >> Openmeetings  >> 3.0.2  Security Vulnerabilities
CVE-2024-54676
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html  doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.
CVSS Score
9.8
EPSS Score
0.023
Published
2025-01-08
CVE-2023-28936
Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
CVSS Score
5.3
EPSS Score
0.002
Published
2023-05-12
CVE-2023-29246
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
CVSS Score
7.2
EPSS Score
0.001
Published
2023-05-12
CVE-2023-28326
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room
CVSS Score
9.8
EPSS Score
0.002
Published
2023-03-28
CVE-2018-1286
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.
CVSS Score
6.5
EPSS Score
0.002
Published
2018-02-28
CVE-2016-8736
Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.
CVSS Score
9.8
EPSS Score
0.061
Published
2017-10-12
CVE-2017-7685
Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.
CVSS Score
5.3
EPSS Score
0.011
Published
2017-07-17
CVE-2017-7688
Apache OpenMeetings 1.0.0 updates user password in insecure manner.
CVSS Score
7.5
EPSS Score
0.011
Published
2017-07-17
CVE-2017-7666
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
CVSS Score
8.8
EPSS Score
0.002
Published
2017-07-17
CVE-2017-7673
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.
CVSS Score
9.8
EPSS Score
0.004
Published
2017-07-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved