CVE-2018-1286

CWE-287 — Improper Authentication4 documents4 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 60.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Openmeetings Apache Software Foundation Apache Openmeetings

Timeline

PublishedFeb 28

Latest updateMay 13

Description

In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶Mavenorg.apache.openmeetings:openmeetings-parent3.0.0 — 4.0.2

▶NVDapache/openmeetings3.0.0 — 4.0.1

▶CVEListV5apache_software_foundation/apache_openmeetings3.0.0 - 4.0.1

🔴Vulnerability Details

OSV

Apache OpenMeetings may allow authenticated attacker to deny service for privileged users↗2022-05-13

▶

GHSA

Apache OpenMeetings may allow authenticated attacker to deny service for privileged users↗2022-05-13

▶

CVEList

CVE-2018-1286: In Apache OpenMeetings 3↗2018-02-28

▶