Apache OpenMeetings

Apache OpenMeetings 5

OTHER 1 CVE

5.1.0

SEMANTIC 1 CVE

before 3.1.12

OTHER 1 CVE

3.0.0-4.0.1

OTHER 1 CVE

2.1

MAJOR_MINOR 1 CVE

3.2.0

SEMANTIC 2 CVEs

1.0.0

SEMANTIC 8 CVEs

3.1.3

SEMANTIC 1 CVE

4.0.0

SEMANTIC 1 CVE

2.0.0

SEMANTIC 3 CVEs

3.1.0

SEMANTIC 1 CVE

CVE-2024-54676

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html  doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.

UNKNOWN Jan 08, 2025

CVE-2023-28936

Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

UNKNOWN May 12, 2023

CVE-2023-29032

An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0

UNKNOWN May 12, 2023

CVE-2023-29246

An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

UNKNOWN May 12, 2023

CVE-2023-28326

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room

UNKNOWN Mar 28, 2023