CyberSec.Space Logo
Back to CVE Browser

CVE-2017-7673

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0310%
EPSS Percentile39.66th
PublishedJul 17, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.

Affected Platforms (CPE)

πŸ“¦
Apache

Openmeetings

= 1.0.0
πŸ“¦
Apache

Openmeetings

= 2.0
πŸ“¦
Apache

Openmeetings

= 2.1
πŸ“¦
Apache

Openmeetings

= 2.1.1
πŸ“¦
Apache

Openmeetings

= 2.2.0
πŸ“¦
Apache

Openmeetings

= 3.0.0
πŸ“¦
Apache

Openmeetings

= 3.0.1
πŸ“¦
Apache

Openmeetings

= 3.0.2
πŸ“¦
Apache

Openmeetings

= 3.0.3
πŸ“¦
Apache

Openmeetings

= 3.0.4
πŸ“¦
Apache

Openmeetings

= 3.0.5
πŸ“¦
Apache

Openmeetings

= 3.0.6
πŸ“¦
Apache

Openmeetings

= 3.0.7
πŸ“¦
Apache

Openmeetings

= 3.1.0
πŸ“¦
Apache

Openmeetings

= 3.1.1
πŸ“¦
Apache

Openmeetings

= 3.1.2
πŸ“¦
Apache

Openmeetings

= 3.1.3
πŸ“¦
Apache

Openmeetings

= 3.1.4
πŸ“¦
Apache

Openmeetings

= 3.1.5
πŸ“¦
Apache

Openmeetings

= 3.2.0
πŸ“¦
Apache

Openmeetings

= 3.2.1

References & Advisories

πŸ”— http://markmail.org/message/3hshl26omwjo6c5i
πŸ”— http://www.securityfocus.com/bid/99587
πŸ”— http://markmail.org/message/3hshl26omwjo6c5i
πŸ”— http://www.securityfocus.com/bid/99587

Related Vulnerabilities

CVE-2017-766410.0

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.

CVE-2016-87369.8

Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.

CVE-2017-76668.8

Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based a...

CVE-2017-76818.8

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing ...