CVE-2017-7681
Published Jul 17, 2017
Last updated 7 years ago
Overview
- Description
- Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.
- Source
- security@apache.org
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:openmeetings:1.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "72B6167B-E822-4146-87F2-E2769DC85F99"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8CDA54EE-9AE1-4551-8C24-D2077515029C"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB137AFF-1BB8-4FFC-9247-376718AAFEB2"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:2.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E8B4E9B-D707-4B96-93B0-7E5F19C8C9A9"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E44AAC6C-13E1-423B-BB4C-4C92B763DE34"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "268D5F6C-F1E8-400B-8D79-A79A9481DFDE"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57895052-DBEF-4CD4-B2B8-C6EBB7A607C8"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA80F112-8C3B-4D79-86A6-C7B3396C4DDB"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5AC28AE2-7EDD-4554-B418-7C4AD5D6E943"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94BB2711-23CA-4FA5-8868-664A839F7EAA"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCA799EE-CDF8-41C6-A3CF-5FC47ED0920C"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96D13854-BD10-4404-89A7-F6D398680628"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3EC465AB-5CA6-4C97-8544-59D3236A7123"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1FCC94CB-EBC7-46D2-BD9E-DB043A4CD5B1"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC811824-EA8F-49F6-B732-10731A1BC0EF"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8AFF29DC-46BA-4505-A921-42C783BC4C8F"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "085A80B3-B880-428D-AF1D-BED61C31E304"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46036494-F97D-4C02-A630-102D9E7DE2CE"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2C208B6-E86A-4F73-B078-BA47BA1B162D"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "331EDEB7-D823-43C6-9D8B-E872F921A328"
},
{
"criteria": "cpe:2.3:a:apache:openmeetings:3.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8D44A5F-C7BD-4CC2-9065-179FA92301C9"
}
],
"operator": "OR"
}
]
}
]