CVE-2017-7681

8.8HIGH

Key Information:

Vendor: Apache
Status: Apache Openmeetings
Vendor: CVE Published:; 13 July 2017

Summary

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.

Affected Version(s)

Apache OpenMeetings 1.0.0

References

http://markmail.org/message/j774dp5ro5xmkmg6

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2017
Vulnerability Reserved
Apr 11, 2017