Remote Code Execution Vulnerability in Apache OpenMeetings
CVE-2016-8736

9.8CRITICAL

Key Information:

Vendor: Apache
Status: Apache Openmeetings
Vendor: CVE Published:; 12 October 2017

Summary

Apache OpenMeetings prior to version 3.1.2 is exposed to a Remote Code Execution vulnerability that stems from a deserialization flaw in Remote Method Invocation (RMI). This vulnerability allows attackers to execute arbitrary code on the server by sending specially crafted serialized objects, potentially leading to unauthorized access and control over the application.

Affected Version(s)

Apache OpenMeetings before 3.1.12

References

http://openmeetings.markmail.org/thread/tr47byaaopnemvne

x_refsource_MISC

http://www.securityfocus.com/bid/94145

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 12, 2017
Vulnerability Reserved
Oct 18, 2016