VYPR

Openmeetings

by Apache

Source repositories

CVEs (27)

  • CVE-2026-33005MedApr 9, 2026
    risk 0.21cvss 4.3epss 0.00

    Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata includes id, type, name and some other field.…

  • CVE-2024-54676Jan 8, 2025
    risk 0.00cvss epss 0.65

    Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html  doesn't specify white/black lists for OpenJPA this leads to possible…

  • CVE-2023-28936May 12, 2023
    risk 0.00cvss epss 0.01

    Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

  • CVE-2023-29032May 12, 2023
    risk 0.00cvss epss 0.01

    An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0

  • CVE-2023-29246May 12, 2023
    risk 0.00cvss epss 0.01

    An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

  • CVE-2023-28326Mar 28, 2023
    risk 0.00cvss epss 0.01

    Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room

  • CVE-2021-27576Mar 15, 2021
    risk 0.00cvss epss 0.03

    If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0

Page 2 of 2