SQL Injection Vulnerability in Apache OpenMeetings by Apache
CVE-2017-7681

8.8HIGH

Key Information:

Vendor: Apache
Status: Apache Openmeetings
Vendor: CVE Published:; 13 July 2017

Summary

Apache OpenMeetings version 1.0.0 is susceptible to an SQL injection vulnerability that enables authenticated users to manipulate the existing query structure. This exploitation can lead to unauthorized access to sensitive information, as it allows attackers to expose the structure of backend queries executed by the application. Users of this version should implement immediate measures to secure their environments.

Affected Version(s)

Apache OpenMeetings 1.0.0

References

http://markmail.org/message/j774dp5ro5xmkmg6

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 13, 2017
Vulnerability Reserved
Apr 11, 2017