Web conferencing software Apache OpenMeetings has a number of security holes that might be exploited by bad actors to take over admin accounts and launch malicious malware on unprotected servers. The vulnerabilities were fixed with the release of Openmeetings version 7.1.0 on May 9, 2023, following a responsible disclosure on March 20, 2023.
According to Stefan Schiller, a researcher with Sonar, “attackers can bring the application into an unexpected state, which allows them to take over any user account, including the admin account,” in a study shared with The Hacker News.x000D The ability to execute arbitrary code on the Apache OpenMeetings server is another vulnerability that can be exploited using the newly acquired admin capabilities.