HIGH🇬🇧 English

CVE-2026-34020

CVSS 7.5v3.1pub. 2026-04-09upd. 2026-04-15

Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Apache Openmeetings

    APP
    Apache
    3.1.3 – 9.0.0 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-54676CRITICAL9.8PL ✓ten sam produkt

Apache OpenMeetings: deserializacja niezaufanych danych w konfiguracji klastrowej

CVE-2023-28326CRITICAL9.8ten sam produkt

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Descri...

CVE-2016-8736CRITICAL9.8ten sam produkt

Apache OpenMeetings before 3.1.2 is vulnerable to Remote Code Execution via RMI deserialization attack.

CVE-2017-7673CRITICAL9.8ten sam produkt

Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and ...

CVE-2017-7664CRITICAL10.0ten sam produkt

Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.