What is CVE-2017-7681?

CVE-2017-7681 is a high-severity vulnerability in Apache Openmeetings, classified under SQL Injection. CVSS score: 8.8/10. Published 2017-07-17.

How severe is CVE-2017-7681?

High severity. CVSS v3 base score is 8.8 out of 10.

SQL Injection in Apache Openmeetings

CVE-2017-7681

Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.

Vulnerability class: SQL Injection

EPSS: 0.013 (66.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Apache Openmeetings — versions 1.0.0, 2.0, 2.1
Apache Software Foundation Openmeetings — versions 1.0.0

Weakness classification (CWE)

CWE-89 — SQL Injection

References

security@apache.org (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)

Frequently asked questions

What is CVE-2017-7681?: CVE-2017-7681 is a high-severity vulnerability in Apache Openmeetings, classified under SQL Injection. CVSS score: 8.8/10. Published 2017-07-17.
How severe is CVE-2017-7681?: High severity. CVSS v3 base score is 8.8 out of 10.