High severity7.5NVD Advisory· Published Apr 11, 2016· Updated Jun 17, 2026
CVE-2016-2164
CVE-2016-2164
Description
The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.openmeetings:openmeetings-parentMaven | < 3.1.1 | 3.1.1 |
Affected products
2Patches
Vulnerability mechanics
References
6- openmeetings.apache.org/security.htmlnvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-f6vf-465r-h42pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-2164ghsaADVISORY
- packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.htmlnvdWEB
- www.apache.org/dist/openmeetings/3.1.1/CHANGELOGnvdWEB
- www.securityfocus.com/archive/1/537887/100/0/threadednvd
News mentions
0No linked articles in our index yet.