Insecure Cross-Domain Policy in Apache OpenMeetings
CVE-2017-7680

7.5HIGH

Key Information:

Vendor
Apache
Status
Apache Openmeetings
Vendor
CVE Published:
17 July 2017

Summary

Apache OpenMeetings 1.0.0 contains an insecure configuration in its crossdomain.xml file, which allows Flash content to be loaded from untrusted domains. This misconfiguration can expose users to various security risks, including data theft or malicious attacks, as it permits unauthorized access to resources hosted on the application.

Affected Version(s)

Apache OpenMeetings 1.0.0

References

http://markmail.org/message/whhibri7ervbjvda
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.