CVE-2016-8736
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.
Known Affected Software
15 configuration(s) from 1 vendor(s)
openmeetings
Version:
2.2.0
CPE:
cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*
openmeetings
Version:
3.0.7
CPE:
cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*
openmeetings
Version:
2.0
CPE:
cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*
openmeetings
Version:
1.0.0
CPE:
cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*
openmeetings
Version:
3.1.0
CPE:
cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*
openmeetings
Version:
2.1.1
CPE:
cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*
openmeetings
Version:
3.0.3
CPE:
cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*
openmeetings
Version:
3.0.6
CPE:
cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*
openmeetings
Version:
3.0.0
CPE:
cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*
openmeetings
Version:
3.0.5
CPE:
cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*
openmeetings
Version:
3.0.2
CPE:
cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*
openmeetings
Version:
3.0.1
CPE:
cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*
openmeetings
Version:
2.1
CPE:
cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*
openmeetings
Version:
3.0.4
CPE:
cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*
openmeetings
Version:
3.1.1
CPE:
cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*
This vulnerability affects 15 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://openmeetings.markmail.org/thread/tr47byaaopnemvnesecurity@apache.org Mailing List Third Party Advisory
-
http://www.securityfocus.com/bid/94145security@apache.org Third Party Advisory VDB Entry
-
http://openmeetings.markmail.org/thread/tr47byaaopnemvneaf854a3a-2127-422b-91ae-364da2661108 Mailing List Third Party Advisory
-
http://www.securityfocus.com/bid/94145af854a3a-2127-422b-91ae-364da2661108 Third Party Advisory VDB Entry
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-502
Top 25 #15
Deserialization of Untrusted Data
- Description
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
- Exploit Likelihood
- Medium
- Typical Severity
- Medium
- OWASP Top 10
- A08:2021-Software/Data Integrity Failures
- Abstraction Level
- Base
Key Information
- Published Date
- October 12, 2017
