In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users. The issue is fixed in version 4.0.2.
{
"github_reviewed_at": "2022-11-22T18:57:08Z",
"cwe_ids": [
"CWE-287"
],
"github_reviewed": true,
"nvd_published_at": "2018-02-28T18:29:00Z",
"severity": "MODERATE"
}