Product: Apache OpenMeetings
28 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34020
>= 3.1.3 and < 9.0.0
Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GE
7.5
HIGH
CVE-2026-33266
>= 6.1.0 and < 9.0.0
Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default
7.5
HIGH
CVE-2026-33005
>= 3.1.0 and < 9.0.0
Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with
4.3
MEDIUM
CVE-2024-54676
>= 2.1 and < 8.0.0
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clust
9.8
CRITICAL
CVE-2023-29246
>= 2.0.0 and < 7.1.0
An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundat
7.2
HIGH
CVE-2023-29032
>= 3.1.3 and < 7.1.0
An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software
8.1
HIGH
CVE-2023-28936
>= 2.0.0 and < 7.1.0
Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from
5.3
MEDIUM
CVE-2023-28326
>= 2.0 and < 7.0.0
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can
9.8
CRITICAL
CVE-2021-27576
>= 4.0.0 and < 6.0.0
It was found that the NetTest web service can be used to overload the bandwidth of an Apache OpenMeetings server. This issue was ad
7.5
HIGH
CVE-2020-13951
>= 4.0.0 and <= 5.0.0
Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.
7.5
HIGH
CVE-2018-1286
>= 3.0.0 and <= 4.0.1
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated att
6.5
MEDIUM
CVE-2016-8736
< 3.1.2
Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.
9.8
CRITICAL
CVE-2017-7688
all versions
Apache OpenMeetings 1.0.0 updates user password in insecure manner.
7.5
HIGH
CVE-2017-7685
all versions
Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.
5.3
MEDIUM
CVE-2017-7684
all versions
Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading m
7.5
HIGH
CVE-2017-7683
all versions
Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.
7.5
HIGH
CVE-2017-7682
all versions
Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas.
8.2
HIGH
CVE-2017-7681
all versions
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing
8.8
HIGH
CVE-2017-7680
all versions
Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted
7.5
HIGH
CVE-2017-7673
all versions
Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dial
9.8
CRITICAL
CVE-2017-7666
all versions
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based a
8.8
HIGH
CVE-2017-7664
all versions
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
10.0
CRITICAL
CVE-2017-7663
all versions
Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.
6.1
MEDIUM
CVE-2016-3089
<= 3.1.1
Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject ar
6.1
MEDIUM
CVE-2016-2164
<= 3.1.0
The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1
7.5
HIGH
CVE-2016-2163
<= 3.1.0
Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web scrip
6.1
MEDIUM
CVE-2016-0784
<= 3.1.0
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows rem
6.5
MEDIUM
CVE-2016-0783
<= 3.1.0
The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier
7.5
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin