- Description
- Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0. Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html don't specify white/black lists for OpenJPA; this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.
- Source
- security@apache.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@apache.org
- CWE-502
- Hype score
- Not currently trending
#Vulnerability #apache Apache OpenMeetings Users Urged to Patch Critical Flaw – CVE-2024-54676 (CVSS 9.8) https://t.co/n3IZN5Q2LD
@Komodosec
13 Jan 2025
🚨🚨CVE-2024-54676 (CVSS: 9.8) : Apache OpenMeetings: Deserialisation of Untrusted Data in Cluster Mode ⚠️By exploiting this flaw, malicious actors could inject malicious code that would be executed by the server. ZoomEye Dork👉app="Apache OpenMeetings" 1k+ results are found on…
@zoomeye_team
10 Jan 2025
🚨 CVE Alert: Critical Apache OpenMeetings Insecure Deserialization vulnerability🚨 Vulnerability Details: CVE-2024-54676 (CVSS 9.8/10) Apache OpenMeetings Insecure Deserialization vulnerability Impact A successful exploit may allow an attacker to execute arbitrary code on the…
@CyberxtronTech
9 Jan 2025
CVE-2024-54676: Apache OpenMeetings: Deserialisation of untrusted data in cluster mode https://t.co/gN1DNp0xjl
@oss_security
8 Jan 2025
CVE-2024-54676 Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openm… https://t.co/DeIZ0cdZ5O
@CVEnew
8 Jan 2025
CVE-2024-54676 Untrusted Data Deserialization in Apache OpenMeetings Before 8.0.0 Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: The default c... https://t.co/y7XdjoyrZU
@VulmonFeeds
8 Jan 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E83A3409-D9F1-4F24-AC6A-D97C68AC2344",
            "versionEndExcluding": "8.0.0",
            "versionStartIncluding": "2.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]