What is CVE-2024-54676?

CVE-2024-54676 is a vulnerability in Apache Software Foundation Openmeetings, classified under Deserialization of Untrusted Data. Published 2025-01-08.

Is CVE-2024-54676 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Deserialization in Apache Software Foundation Openmeetings

CVE-2024-54676

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html doesn't specify white/black lists for…

Vulnerability class: Insecure Deserialization

EPSS: 0.637 (99.1th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Openmeetings — versions 2.1

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

Public proof-of-concept exploits

References

lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95 (vendor-advisory)

Frequently asked questions

What is CVE-2024-54676?: CVE-2024-54676 is a vulnerability in Apache Software Foundation Openmeetings, classified under Deserialization of Untrusted Data. Published 2025-01-08.
Is CVE-2024-54676 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.