- Description
- Vendor: The Apache Software Foundation
  Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0
  Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html don't specify white/black lists for OpenJPA; this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- openmeetings
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@apache.org
- CWE-502
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
6
『The most significant technical insight from this analysis is the insufficiency of class blacklisting as a defense against deserialization attacks.』 CVE-2024-54676 — Apache OpenMeetings OpenJPA Deserialization RCE https://t.co/jFVNT0HDae
@autumn_good_35
27 Mar 2026
133 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2024-54676 is a critical (CVSS 9.8) Java deserialization vulnerability affecting Apache OpenMeetings versions before 8.0.0. This vulnerability lets an unauthenticated attacker achieve remote code execution via the OpenJPA TCPRemoteCommitProvider
@ngnicky
26 Mar 2026
151 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
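CVE-2024-54676 is an unauthenticated RCE that abuses OpenJPA's TCPRemoteCommitProvider, which is enabled in Apache OpenMeetings cluster mode. The key point is that Java deserialization runs over raw TCP port 5636 rather than HTTP, and simply being able to reach it leads to arbitrary code execution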
@01ra66it
26 Mar 2026
263 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-54676 — Apache OpenMeetings OpenJPA Deserialization RCE https://t.co/D24hVpynBK
@Dinosn
26 Mar 2026
2455 Impressions
8 Retweets
20 Likes
8 Bookmarks
0 Replies
0 Quotes
#Vulnerability #apache Apache OpenMeetings Users Urged to Patch Critical Flaw – CVE-2024-54676 (CVSS 9.8) https://t.co/n3IZN5Q2LD
@Komodosec
13 Jan 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2024-54676 (CVSS: 9.8) : Apache OpenMeetings: Deserialisation of Untrusted Data in Cluster Mode ⚠️By exploiting this flaw, malicious actors could inject malicious code that would be executed by the server. ZoomEye Dork👉app="Apache OpenMeetings" 1k+ results are found on…
@zoomeye_team
10 Jan 2025
428 Impressions
4 Retweets
3 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 CVE Alert: Critical Apache OpenMeetings Insecure Deserialization vulnerability🚨 Vulnerability Details: CVE-2024-54676 (CVSS 9.8/10) Apache OpenMeetings Insecure Deserialization vulnerability Impact A successful exploit may allow an attacker to execute arbitrary code on the…
@CyberxtronTech
9 Jan 2025
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-54676: Apache OpenMeetings: Deserialisation of untrusted data in cluster mode https://t.co/gN1DNp0xjl
@oss_security
8 Jan 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-54676 Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openm… https://t.co/DeIZ0cdZ5O
@CVEnew
8 Jan 2025
240 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-54676 Untrusted Data Deserialization in Apache OpenMeetings Before 8.0.0 Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: The default c... https://t.co/y7XdjoyrZU
@VulmonFeeds
8 Jan 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E83A3409-D9F1-4F24-AC6A-D97C68AC2344",
"versionEndExcluding": "8.0.0",
"versionStartIncluding": "2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]