Base Score

MEDIUM5.3

CVE-2023-28936

Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0

VectorNETWORK

Published Bysecurity@apache.org

Published DateMay 12, 2023, 08:15

Affected Versions(1)

org.apache.openmeetings:openmeetings-db(Maven)

Introduced2.0.0

Fixed7.1.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.openmeetings:openmeetings-db(Maven)	2.0.0	7.1.0	N/A

Weakness Type (CWE):CWE-697

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE

References

https://lists.apache.org/thread/y6vng44c22ll221rtvsv208x1pbjmdoc

Base Score

MEDIUM5.3

Weakness Type (CWE):CWE-697

CVSS Metrics

Base Score

5.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

LOW

Integrity (I)

NONE

Availability (A)

NONE