Описание
Apache OpenMeetings may allow authenticated attacker to deny service for privileged users
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users. The issue is fixed in version 4.0.2.
Пакеты
Наименование
org.apache.openmeetings:openmeetings-parent
maven
Затронутые версииВерсия исправления
>= 3.0.0, < 4.0.2
4.0.2
Связанные уязвимости
CVSS3: 6.5
nvd
почти 8 лет назад
In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users.