Arbitrary Recording Access in Apache OpenMeetings <7.1.0
CVE-2023-28936 Published on May 12, 2023
Apache OpenMeetings: insufficient check of invitation hash
Attacker can access arbitrary recording/room
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0
Vulnerability Analysis
CVE-2023-28936 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Incorrect Comparison
The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
Products Associated with CVE-2023-28936
Want to know whenever a new CVE is published for Apache Openmeetings? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache OpenMeetings:- Version 2.0.0 and below 7.1.0 is affected.
- Version 2.0.0 and below 7.1.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.