CRITICAL🇬🇧 English

CVE-2017-7673

CVSS 9.8v3.0pub. 2017-07-17upd. 2026-05-13

Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Openmeetings

    APP
    Apache
    1.0.02.02.12.1.12.2.03.0.03.0.13.0.23.0.33.0.43.0.53.0.63.0.73.1.03.1.1+ 6 więcej
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-54676CRITICAL9.8PL ✓ten sam produkt

Apache OpenMeetings: deserializacja niezaufanych danych w konfiguracji klastrowej

CVE-2023-28326CRITICAL9.8ten sam produkt

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Descri...

CVE-2016-8736CRITICAL9.8ten sam produkt

Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.

CVE-2017-7664CRITICAL10.0ten sam produkt

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.

CVE-2026-33266HIGH7.5ten sam produkt

Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption k...

CVE-2017-7673 — CRITICAL 9.8 | CVEbaza.pl