High severity7.5NVD Advisory· Published Apr 11, 2016· Updated May 6, 2026
CVE-2016-2164
CVE-2016-2164
Description
The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.openmeetings:openmeetings-parentMaven | < 3.1.1 | 3.1.1 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- openmeetings.apache.org/security.htmlnvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-f6vf-465r-h42pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-2164ghsaADVISORY
- packetstormsecurity.com/files/136434/Apache-OpenMeetings-3.0.7-Arbitary-File-Read.htmlnvdWEB
- www.apache.org/dist/openmeetings/3.1.1/CHANGELOGnvdWEB
- www.securityfocus.com/archive/1/537887/100/0/threadednvd
News mentions
0No linked articles in our index yet.