CVE-2023-28326 Apache OpenMeetings: allows user impersonation

2023-03-2812:36:11

CWE-306

apache

www.cve.org

cve-2023-28326

apache openmeetings

user impersonation

elevate privileges

apache software foundation

version 2.0.0

version 7.0.0

9.7 High

AI Score

Confidence

High

0.054 Low

EPSS

Percentile

93.2%

JSON

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0

Description: Attacker can elevate their privileges in any room

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache OpenMeetings",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "7.0.0",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "semver"
      }
    ]
  }
]