{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T10:01:16.011","vulnerabilities":[{"cve":{"id":"CVE-2024-54676","sourceIdentifier":"security@apache.org","published":"2025-01-08T09:15:07.440","lastModified":"2025-01-15T15:50:39.987","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Vendor: The Apache Software Foundation\n\nVersions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0\n\nDescription: Default clustering instructions at  https://openmeetings.apache.org/Clustering.html  doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data.\nUsers are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation."},{"lang":"es","value":"Proveedor: The Apache Software Foundation Versiones afectadas: Apache OpenMeetings desde la versión 2.1.0 hasta la 8.0.0 Descripción: Las instrucciones de agrupamiento predeterminadas en https://openmeetings.apache.org/Clustering.html no especifican listas blancas/negras para OpenJPA, lo que lleva a una posible deserialización de datos no confiables. Se recomienda a los usuarios actualizar a la versión 8.0.0 y actualizar sus scripts de inicio para incluir las configuraciones 'openjpa.serialization.class.blacklist' y 'openjpa.serialization.class.whitelist' relevantes como se muestra en la documentación."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:openmeetings:*:*:*:*:*:*:*:*","versionStartIncluding":"2.1","versionEndExcluding":"8.0.0","matchCriteriaId":"E83A3409-D9F1-4F24-AC6A-D97C68AC2344"}]}]}],"references":[{"url":"https://lists.apache.org/thread/o0k05jxrt5tp4nm45lj14yfjxmg67m95","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2025/01/08/1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]}]}}]}