{"url":"http://public2.vulnerablecode.io/api/packages/644301?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@6.3.0","type":"maven","namespace":"org.apache.openmeetings","name":"openmeetings-parent","version":"6.3.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.0.0","latest_non_vulnerable_version":"9.0.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89226?format=json","vulnerability_id":"VCID-3xum-p9mm-kbc3","summary":"Apache OpenMeetings Uses GET Request Method With Sensitive Query Strings\nUse of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings.\n\nThe REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact\n\n\nThis issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34020","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22113","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22098","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-34020"},{"reference_url":"https://github.com/apache/openmeetings","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings"},{"reference_url":"https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:13:11Z/"}],"url":"https://lists.apache.org/thread/2h3h9do5tp17xldr0nps1yjmkx4vs3db"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34020","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34020"},{"reference_url":"https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T20:13:11Z/"}],"url":"https://owasp.org/www-community/vulnerabilities/Information_exposure_through_query_strings_in_url"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/12","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/12"},{"reference_url":"https://github.com/advisories/GHSA-gcvm-c75m-h4p4","reference_id":"GHSA-gcvm-c75m-h4p4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gcvm-c75m-h4p4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110268?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0"}],"aliases":["CVE-2026-34020","GHSA-gcvm-c75m-h4p4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3xum-p9mm-kbc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45177?format=json","vulnerability_id":"VCID-556q-4wch-sfde","summary":"Improper Input Validation\nAn attacker who has gained access to an admin account can perform RCE via null-byte injection\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29246","reference_id":"","reference_type":"","scores":[{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29208","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00111","scoring_system":"epss","scoring_elements":"0.29175","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29246"},{"reference_url":"https://github.com/apache/openmeetings","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings"},{"reference_url":"https://github.com/apache/openmeetings/commit/8e65a1344157b2898f2922d49a0bd2105687c4a5","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings/commit/8e65a1344157b2898f2922d49a0bd2105687c4a5"},{"reference_url":"https://github.com/apache/openmeetings/commit/9f12a48994d0ad741ac140c52cbd2152f0d048d5","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings/commit/9f12a48994d0ad741ac140c52cbd2152f0d048d5"},{"reference_url":"https://github.com/apache/openmeetings/commit/f91ff1917027625f066a9007694a31d06e69df3a","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings/commit/f91ff1917027625f066a9007694a31d06e69df3a"},{"reference_url":"https://issues.apache.org/jira/browse/OPENMEETINGS-2765","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/OPENMEETINGS-2765"},{"reference_url":"https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:34:24Z/"}],"url":"https://lists.apache.org/thread/230plvhbdx26m43b0sy942wlwt6kkmmr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29246","reference_id":"CVE-2023-29246","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29246"},{"reference_url":"https://github.com/advisories/GHSA-mg5h-f3q8-c96g","reference_id":"GHSA-mg5h-f3q8-c96g","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mg5h-f3q8-c96g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65099?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/652891?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xum-p9mm-kbc3"},{"vulnerability":"VCID-vbkk-qkme-uyh9"},{"vulnerability":"VCID-vm9c-dvcd-3khf"},{"vulnerability":"VCID-xsja-94mz-hqbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0"}],"aliases":["CVE-2023-29246","GHSA-mg5h-f3q8-c96g"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-556q-4wch-sfde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44776?format=json","vulnerability_id":"VCID-6fca-mmbn-k7b7","summary":"Missing Authentication for Critical Function\nVendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28326","reference_id":"","reference_type":"","scores":[{"value":"0.01053","scoring_system":"epss","scoring_elements":"0.77948","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01053","scoring_system":"epss","scoring_elements":"0.77942","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28326"},{"reference_url":"https://github.com/apache/openmeetings","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings"},{"reference_url":"https://github.com/apache/openmeetings/commit/1fb71af36","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings/commit/1fb71af36"},{"reference_url":"https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-23T15:13:01Z/"}],"url":"https://lists.apache.org/thread/r9vn12dp5yofn1h3wd5x4h7c3vmmr5d9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28326","reference_id":"CVE-2023-28326","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28326"},{"reference_url":"https://github.com/advisories/GHSA-3r48-3m8r-4r9w","reference_id":"GHSA-3r48-3m8r-4r9w","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3r48-3m8r-4r9w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64437?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xum-p9mm-kbc3"},{"vulnerability":"VCID-556q-4wch-sfde"},{"vulnerability":"VCID-vbkk-qkme-uyh9"},{"vulnerability":"VCID-vfk3-wtbw-kuf9"},{"vulnerability":"VCID-vm9c-dvcd-3khf"},{"vulnerability":"VCID-xsja-94mz-hqbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.0.0"}],"aliases":["CVE-2023-28326","GHSA-3r48-3m8r-4r9w"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fca-mmbn-k7b7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89795?format=json","vulnerability_id":"VCID-vbkk-qkme-uyh9","summary":"Apache OpenMeetings Uses Hard-coded Cryptographic Key\nUse of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings.\n\nThe remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case OM admin hasn't changed the default encryption key, an attacker who has stolen a cookie from a logged-in user can get full user credentials.\n\n\nThis issue affects Apache OpenMeetings: from 6.1.0 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33266","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17515","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1751","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33266"},{"reference_url":"https://github.com/apache/openmeetings","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings"},{"reference_url":"https://lists.apache.org/thread/b05jnp9563v49zq494lox9kjbhhf2w66","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:47:33Z/"}],"url":"https://lists.apache.org/thread/b05jnp9563v49zq494lox9kjbhhf2w66"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33266","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33266"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/11","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/11"},{"reference_url":"https://github.com/advisories/GHSA-wqxq-w68r-wg85","reference_id":"GHSA-wqxq-w68r-wg85","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wqxq-w68r-wg85"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110268?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0"}],"aliases":["CVE-2026-33266","GHSA-wqxq-w68r-wg85"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vbkk-qkme-uyh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45164?format=json","vulnerability_id":"VCID-vfk3-wtbw-kuf9","summary":"Improper Authentication\nAn attacker that has gained access to certain private information can use this to act as other user.\n\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29032","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41056","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41052","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29032"},{"reference_url":"https://github.com/apache/openmeetings","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings"},{"reference_url":"https://github.com/apache/openmeetings/commit/4e89e0ca076c83f26562f1146cf3e81ba0b16a7f","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings/commit/4e89e0ca076c83f26562f1146cf3e81ba0b16a7f"},{"reference_url":"https://issues.apache.org/jira/browse/OPENMEETINGS-2764","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/OPENMEETINGS-2764"},{"reference_url":"https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:44:48Z/"}],"url":"https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29032","reference_id":"CVE-2023-29032","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29032"},{"reference_url":"https://github.com/advisories/GHSA-v9rm-7rv9-r3fw","reference_id":"GHSA-v9rm-7rv9-r3fw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v9rm-7rv9-r3fw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65099?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/652891?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xum-p9mm-kbc3"},{"vulnerability":"VCID-vbkk-qkme-uyh9"},{"vulnerability":"VCID-vm9c-dvcd-3khf"},{"vulnerability":"VCID-xsja-94mz-hqbh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@7.2.0"}],"aliases":["CVE-2023-29032","GHSA-v9rm-7rv9-r3fw"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfk3-wtbw-kuf9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/89300?format=json","vulnerability_id":"VCID-vm9c-dvcd-3khf","summary":"Apache OpenMeetings has an Improper Handling of Insufficient Privileges vulnerability\nSny registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata includes id, type, name and some other field. Full list of fields get be checked at FileItemDTO object.\n\nThis issue affects Apache OpenMeetings: from 3.10 before 9.0.0.\n\nUsers are recommended to upgrade to version 9.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33005","reference_id":"","reference_type":"","scores":[{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.332","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00135","scoring_system":"epss","scoring_elements":"0.33214","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33005"},{"reference_url":"https://github.com/apache/openmeetings","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings"},{"reference_url":"https://lists.apache.org/thread/pttoprd628g3xr6lpp3bm1z8m3z8t4p7","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:44:03Z/"}],"url":"https://lists.apache.org/thread/pttoprd628g3xr6lpp3bm1z8m3z8t4p7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33005","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33005"},{"reference_url":"https://openmeetings.apache.org/openmeetings-db/apidocs/org.apache.openmeetings.db/org/apache/openmeetings/db/dto/file/FileItemDTO.html","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:44:03Z/"}],"url":"https://openmeetings.apache.org/openmeetings-db/apidocs/org.apache.openmeetings.db/org/apache/openmeetings/db/dto/file/FileItemDTO.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/09/10","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/09/10"},{"reference_url":"https://github.com/advisories/GHSA-78cg-fc6c-w44w","reference_id":"GHSA-78cg-fc6c-w44w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-78cg-fc6c-w44w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/110268?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@9.0.0"}],"aliases":["CVE-2026-33005","GHSA-78cg-fc6c-w44w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vm9c-dvcd-3khf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56442?format=json","vulnerability_id":"VCID-xsja-94mz-hqbh","summary":"Apache OpenMeetings vulnerable to Deserialization of Untrusted Data\nVendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0\n\nDescription: Default clustering instructions at  https://openmeetings.apache.org/Clustering.html doesn't specify allow/deny lists for OpenJPA this leads to possible deserialisation of untrusted data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54676","reference_id":"","reference_type":"","scores":[{"value":"0.06098","scoring_system":"epss","scoring_elements":"0.90944","published_at":"2026-06-05T12:55:00Z"},{"value":"0.06098","scoring_system":"epss","scoring_elements":"0.90943","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54676"},{"reference_url":"https://github.com/apache/openmeetings","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings"},{"reference_url":"https://github.com/apache/openmeetings/commit/1c3426c6d3abbd984a3c01a61decf1242ea38923","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/openmeetings/commit/1c3426c6d3abbd984a3c01a61decf1242ea38923"},{"reference_url":"https://issues.apache.org/jira/browse/OPENMEETINGS-2787","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/OPENMEETINGS-2787"},{"reference_url":"https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-08T14:00:24Z/"}],"url":"https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/01/08/1","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/01/08/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54676","reference_id":"CVE-2024-54676","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-54676"},{"reference_url":"https://github.com/advisories/GHSA-mjf9-4pcv-vfg7","reference_id":"GHSA-mjf9-4pcv-vfg7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mjf9-4pcv-vfg7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83701?format=json","purl":"pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3xum-p9mm-kbc3"},{"vulnerability":"VCID-vbkk-qkme-uyh9"},{"vulnerability":"VCID-vm9c-dvcd-3khf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@8.0.0"}],"aliases":["CVE-2024-54676","GHSA-mjf9-4pcv-vfg7"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsja-94mz-hqbh"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.openmeetings/openmeetings-parent@6.3.0"}