CVE-2017-7673 – org.apache.openmeetings:openmeetings-parent

Package

Manager: maven
Name: org.apache.openmeetings:openmeetings-parent
Vulnerable Version: >=1.0.0 <3.3.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00405 pctl0.60203

Details

Apache OpenMeetings has Inadequate Encryption Strength Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.

Metadata

Created: 2022-05-13T01:47:04Z
Modified: 2022-11-22T18:57:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cqm6-hrgq-6869/GHSA-cqm6-hrgq-6869.json
CWE IDs: ["CWE-326"]
Alternative ID: GHSA-cqm6-hrgq-6869
Finding: F052
Auto approve: 1