cbcvebase.
CVE-2024-54676
published 2025-01-08


Priority: P2 | 76 | critical | 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 65.18% (99.2th percentile)

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0

Description: The default clustering instructions at https://openmeetings.apache.org/Clustering.html don't specify white/black lists for OpenJPA, which leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | openmeetings | >= 2.1 < 8.0.0 | 8.0.0 |
| apache_software_foundation | apache_openmeetings | >= 2.1 < 8.0.0 | 8.0.0 |