Openmeetings Apache Openmeetings

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Apache Openmeetings.

By the Year

In 2025 there have been 1 vulnerability in Apache Openmeetings with an average score of 9.8 out of ten. Openmeetings did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2025 as compared to last year.




Year Vulnerabilities Average Score
2025 1 9.80
2024 0 0.00
2023 4 7.60
2022 0 0.00
2021 1 7.50
2020 1 7.50
2019 0 0.00
2018 1 6.50

It may take a day or so for new Openmeetings vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apache Openmeetings Security Vulnerabilities

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings

CVE-2024-54676 9.8 - Critical - January 08, 2025

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html  doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.

Marshaling, Unmarshaling

An attacker who has gained access to an admin account can perform RCE

CVE-2023-29246 7.2 - High - May 12, 2023

An attacker who has gained access to an admin account can perform RCE via null-byte injection Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

Improper Input Validation

An attacker that has gained access to certain private information can use this to act as other user

CVE-2023-29032 8.1 - High - May 12, 2023

An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0

authentification

Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings

CVE-2023-28936 5.3 - Medium - May 12, 2023

Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

Incorrect Comparison

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings

CVE-2023-28326 9.8 - Critical - March 28, 2023

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room

Missing Authentication for Critical Function

If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server

CVE-2021-27576 7.5 - High - March 15, 2021

If was found that the NetTest web service can be used to overload the bandwidth of a Apache OpenMeetings server. This issue was addressed in Apache OpenMeetings 6.0.0

Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.

CVE-2020-13951 7.5 - High - September 30, 2020

Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack.

In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected

CVE-2018-1286 6.5 - Medium - February 28, 2018

In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.

authentification

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Apache Openmeetings or by Apache? Click the Watch button to subscribe.

Apache
Vendor

subscribe