CVE-2017-7673

CWE-307 CWE-3264 documents4 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 38.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Openmeetings Apache Openmeetings

Timeline

PublishedJul 17

Latest updateMay 13

Description

Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Mavenorg.apache.openmeetings:openmeetings-parent1.0.0 — 3.3.0

▶NVDapache/openmeetings21 versions+20

▶CVEListV5apache_software_foundation/apache_openmeetings1.0.0

🔴Vulnerability Details

GHSA

Apache OpenMeetings has Inadequate Encryption Strength↗2022-05-13

▶

OSV

Apache OpenMeetings has Inadequate Encryption Strength↗2022-05-13

▶

CVEList

CVE-2017-7673: Apache OpenMeetings 1↗2017-07-14

▶