pkg:Maven/org.apache.openmeetings:openmeetings-parent

25 total CVEsCRITICAL4HIGH14MEDIUM6

✅ Check your installed version

All known vulnerabilities

  • CRITICAL10.0CVE-2017-7664Apache OpenMeetings does not correctly validate uploaded XML documents
    >= 3.1.0, < 3.3.0
  • CRITICAL9.8CVE-2023-28326Apache OpenMeetings missing authentication and can allow user impersonation
    >= 2.0.0, < 7.0.0
  • CRITICAL9.8CVE-2016-8736Apache OpenMeetings RCE
    from 0, < 3.1.2
  • CRITICAL9.8CVE-2017-7673Apache OpenMeetings has Inadequate Encryption Strength
    >= 1.0.0, < 3.3.0
  • HIGH8.8CVE-2017-7666Apache OpenMeetings vulnerable to Cross-Site Request Forgery
    >= 1.0.0, < 3.3.0
  • HIGH8.8CVE-2017-7681Apache OpenMeetings vulnerable to SQL injection
    >= 1.0.0, < 3.3.0
  • HIGH8.2CVE-2017-7682Apache OpenMeetings vulnerable to parameter manipulation attacks
    >= 3.2.0, < 3.3.0
  • HIGH8.1CVE-2023-29032Apache OpenMeetings Improper Authentication vulnerability
    >= 3.1.3, < 7.1.0
  • HIGH7.5CVE-2026-34020Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings
    >= 3.1.3, < 9.0.0
  • HIGH7.5CVE-2026-33266Apache OpenMeetings Uses Hard-coded Cryptographic Key
    >= 6.1.0, < 9.0.0
  • HIGH7.5CVE-2017-7683Apache OpenMeetings displays Tomcat version and detailed error stack trace
    >= 1.0.0, < 3.3.0
  • HIGH7.5CVE-2016-2164Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file
    from 0, < 3.1.1
  • HIGH7.5CVE-2017-7684Apache OpenMeetings vulnerable to Uncontrolled Resource Consumption
    >= 1.0.0, < 3.3.0
  • HIGH7.5CVE-2017-7688Apache OpenMeetings updates user password in insecure manner
    >= 1.0.0, < 3.3.0
  • HIGH7.5CVE-2017-7680Apache OpenMeetings allows flash content to be loaded from untrusted domains
    >= 1.0.0, < 3.3.0
  • HIGH7.5CVE-2020-13951Denial of service in Apache OpenMeetings
    >= 4.0.0, < 5.1.0
  • HIGH7.5CVE-2021-27576Uncontrolled Resource Consumption in Apache OpenMeetings server
    >= 4.0.0, < 6.0.0
  • HIGH7.2CVE-2023-29246Apache OpenMeetings vulnerable to remote code execution via null-bye injection
    >= 2.0.0, < 7.1.0
  • MEDIUM6.5CVE-2018-1286Apache OpenMeetings may allow authenticated attacker to deny service for privileged users
    >= 3.0.0, < 4.0.2
  • MEDIUM6.1CVE-2017-7663Apache OpenMeetings Cross-site Scripting vulnerability
    >= 3.2.0, < 3.3.0
  • MEDIUM6.1CVE-2016-2163Apache OpenMeetings Cross-site Scripting vulnerability
    from 0, < 3.1.1
  • MEDIUM6.1CVE-2016-3089Apache OpenMeetings Cross-site Scripting vulnerability
    from 0, < 3.1.2
  • MEDIUM5.3CVE-2017-7685Apache OpenMeetings responds to insecure HTTP methods
    >= 1.0.0, < 3.3.0
  • MEDIUM4.3CVE-2026-33005Apache OpenMeetings has an Improper Handling of Insufficient Privileges vulnerability
    >= 3.10, < 9.0.0
  • CVE-2024-54676Apache OpenMeetings vulnerable to Deserialization of Untrusted Data
    >= 2.1.0, < 8.0.0