
====================================================================

                             CERT-Renater

                 Information Note No. 2018/VULN078
_____________________________________________________________________

DATE                : 27/02/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache OpenMeetings versions prior
                     to 4.0.2.

=====================================================================
http://openmeetings.apache.org/security.html#_toc_cve-2018-1286_-_apache_openmeetings_-_insufficient
_____________________________________________________________________

Severity: Medium

Vendor: The Apache Software Foundation

Versions Affected: Apache OpenMeetings 3.0.0 - 4.0.1

Description: CRUD operations on privileged users are not
password-protected, allowing an authenticated attacker to deny service
for privileged users.

CVE-2018-1286

The issue was fixed in 4.0.2.
All users are recommended to upgrade to Apache OpenMeetings 4.0.2.

Credit: This issue was identified by Sahil Dhar of Security Innovation Inc


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================



