Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/38700?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38700?format=api", "vulnerability_id": "VCID-cy2v-sp7y-guba", "summary": "Improper Restriction of Excessive Authentication Attempts\nApache OpenMeetings uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.", "aliases": [ { "alias": "CVE-2017-7673" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53753?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.3.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53745?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@1.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33h6-dtvw-kudy" }, { "vulnerability": "VCID-4kqb-69nx-ffgr" }, { "vulnerability": "VCID-73d7-xcav-67h3" }, { "vulnerability": "VCID-7tkn-ptbs-ruhn" }, { "vulnerability": "VCID-cy2v-sp7y-guba" }, { "vulnerability": "VCID-g2md-yap1-pkhe" }, { "vulnerability": "VCID-gpv8-hbup-pudv" }, { "vulnerability": "VCID-sv6x-344a-uucy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@1.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53746?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33h6-dtvw-kudy" }, { "vulnerability": "VCID-4kqb-69nx-ffgr" }, { "vulnerability": "VCID-73d7-xcav-67h3" }, { "vulnerability": "VCID-7tkn-ptbs-ruhn" }, { "vulnerability": "VCID-cy2v-sp7y-guba" }, { "vulnerability": "VCID-g2md-yap1-pkhe" }, { "vulnerability": "VCID-gpv8-hbup-pudv" }, { "vulnerability": 
"VCID-sv6x-344a-uucy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/53747?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33h6-dtvw-kudy" }, { "vulnerability": "VCID-4kqb-69nx-ffgr" }, { "vulnerability": "VCID-73d7-xcav-67h3" }, { "vulnerability": "VCID-7tkn-ptbs-ruhn" }, { "vulnerability": "VCID-cy2v-sp7y-guba" }, { "vulnerability": "VCID-g2md-yap1-pkhe" }, { "vulnerability": "VCID-gpv8-hbup-pudv" }, { "vulnerability": "VCID-sv6x-344a-uucy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53748?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33h6-dtvw-kudy" }, { "vulnerability": "VCID-4kqb-69nx-ffgr" }, { "vulnerability": "VCID-73d7-xcav-67h3" }, { "vulnerability": "VCID-7cjy-cp47-gfdj" }, { "vulnerability": "VCID-7tkn-ptbs-ruhn" }, { "vulnerability": "VCID-cy2v-sp7y-guba" }, { "vulnerability": "VCID-g2md-yap1-pkhe" }, { "vulnerability": "VCID-gpv8-hbup-pudv" }, { "vulnerability": "VCID-sv6x-344a-uucy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53749?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@3.0.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33h6-dtvw-kudy" }, { "vulnerability": "VCID-4kqb-69nx-ffgr" }, { "vulnerability": "VCID-73d7-xcav-67h3" }, { "vulnerability": "VCID-7tkn-ptbs-ruhn" }, { "vulnerability": "VCID-cy2v-sp7y-guba" }, { "vulnerability": 
"VCID-g2md-yap1-pkhe" }, { "vulnerability": "VCID-gpv8-hbup-pudv" }, { "vulnerability": "VCID-sv6x-344a-uucy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.0.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/52622?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-13a5-bd9x-g7c1" }, { "vulnerability": "VCID-33h6-dtvw-kudy" }, { "vulnerability": "VCID-4kqb-69nx-ffgr" }, { "vulnerability": "VCID-5y29-hbr6-dqbg" }, { "vulnerability": "VCID-73d7-xcav-67h3" }, { "vulnerability": "VCID-7tkn-ptbs-ruhn" }, { "vulnerability": "VCID-cy2v-sp7y-guba" }, { "vulnerability": "VCID-g2md-yap1-pkhe" }, { "vulnerability": "VCID-gpv8-hbup-pudv" }, { "vulnerability": "VCID-h2vq-z9kt-5fe2" }, { "vulnerability": "VCID-sv6x-344a-uucy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53750?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33h6-dtvw-kudy" }, { "vulnerability": "VCID-4kqb-69nx-ffgr" }, { "vulnerability": "VCID-5y29-hbr6-dqbg" }, { "vulnerability": "VCID-73d7-xcav-67h3" }, { "vulnerability": "VCID-7tkn-ptbs-ruhn" }, { "vulnerability": "VCID-cy2v-sp7y-guba" }, { "vulnerability": "VCID-g2md-yap1-pkhe" }, { "vulnerability": "VCID-gpv8-hbup-pudv" }, { "vulnerability": "VCID-sv6x-344a-uucy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/53751?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-33h6-dtvw-kudy" }, { "vulnerability": "VCID-4kqb-69nx-ffgr" }, { "vulnerability": "VCID-5y29-hbr6-dqbg" }, { "vulnerability": "VCID-73d7-xcav-67h3" }, { "vulnerability": "VCID-7tkn-ptbs-ruhn" }, { "vulnerability": "VCID-cy2v-sp7y-guba" }, { "vulnerability": "VCID-g2md-yap1-pkhe" }, { "vulnerability": "VCID-gpv8-hbup-pudv" }, { "vulnerability": "VCID-sv6x-344a-uucy" }, { "vulnerability": "VCID-y22j-q9ga-vyfu" }, { "vulnerability": "VCID-z9e2-6vk2-5kca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/53752?format=api", "purl": "pkg:maven/org.apache.openmeetings/openmeetings-parent@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-33h6-dtvw-kudy" }, { "vulnerability": "VCID-4kqb-69nx-ffgr" }, { "vulnerability": "VCID-5y29-hbr6-dqbg" }, { "vulnerability": "VCID-73d7-xcav-67h3" }, { "vulnerability": "VCID-7tkn-ptbs-ruhn" }, { "vulnerability": "VCID-cy2v-sp7y-guba" }, { "vulnerability": "VCID-g2md-yap1-pkhe" }, { "vulnerability": "VCID-gpv8-hbup-pudv" }, { "vulnerability": "VCID-sv6x-344a-uucy" }, { "vulnerability": "VCID-y22j-q9ga-vyfu" }, { "vulnerability": "VCID-z9e2-6vk2-5kca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@3.2.1" } ], "references": [ { "reference_url": "http://www.securityfocus.com/bid/99587", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/99587" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7673", "reference_id": "CVE-2017-7673", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7673" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top 
Ten 2017." }, { "cwe_id": 307, "name": "Improper Restriction of Excessive Authentication Attempts", "description": "The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks." }, { "cwe_id": 326, "name": "Inadequate Encryption Strength", "description": "The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cy2v-sp7y-guba" }