Severity
High
Analysis Summary
CVE-2023-29032 CVSS:9.1
Apache OpenMeetings could allow a remote attacker to bypass security restrictions, caused by improper protection to sensitive information. By sending a specially crafted request, an attacker could exploit this vulnerability to act as other user.
CVE-2023-28936 CVSS:5.3
Apache OpenMeetings could allow a remote attacker to obtain sensitive information, caused by an insufficient check of invitation hash. By sending a specially crafted request, an attacker could exploit this vulnerability to access to arbitrary recording/room, and use this information to launch further attacks against the affected system.
Impact
- Security Bypass
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-29032
- CVE-2023-28936
Affected Vendors
Apache
Affected Products
- Apache OpenMeetings 7.0.0
- Apache OpenMeetings 2.0.0
Remediation
Upgrade to the latest version of Apache OpenMeetings, available from the Apache Website.