CVE-2016-2164 in OpenMeetingsinfo

Summary

The (1) FileService.importFileByInternalUserId and (2) FileService.importFile SOAP API methods in Apache OpenMeetings before 3.1.1 improperly use the Java URL class without checking the specified protocol handler, which allows remote attackers to read arbitrary files by attempting to upload a file.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

01/29/2016

Disclosure

04/11/2016

Moderation

VulDB entry created

Entries

VDB-82081 (1)

CPE

ready

CWE

CWE-200 (Confirmed)

CVSS

7.5

EPSS

0.01232

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-2164
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-2164
CVE Details	https://www.cvedetails.com/cve/CVE-2016-2164/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!