Openmeetings
by Apache
CVEs (27)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33005 | | Med | 0.21 | 4.3 | 0.00 | | Apr 9, 2026 | Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata includes id, type, name and some other field.… |
| CVE-2024-54676 | | | 0.00 | — | 0.65 | | Jan 8, 2025 | Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html don't specify white/black lists for OpenJPA this leads to possible… |
| CVE-2023-28936 | | | 0.00 | — | 0.01 | | May 12, 2023 | Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0 |
| CVE-2023-29032 | | | 0.00 | — | 0.01 | | May 12, 2023 | An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0 |
| CVE-2023-29246 | | | 0.00 | — | 0.01 | | May 12, 2023 | An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0 |
| CVE-2023-28326 | | | 0.00 | — | 0.01 | | Mar 28, 2023 | Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room |
| CVE-2021-27576 | | | 0.00 | — | 0.03 | | Mar 15, 2021 | It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0 |