CVE-2023-28326: 
Java vulnerability analysis and mitigation

A critical vulnerability (CVE-2023-28326) was identified in Apache OpenMeetings versions 2.0.0 to 7.0.0. The vulnerability was discovered and disclosed on March 28, 2023, affecting all versions of Apache OpenMeetings from version 2.0.0 up to (but not including) version 7.0.0. The vulnerability allows attackers to elevate their privileges in any room within the application (NVD Database, CVE Mitre).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability can be exploited over the network with low attack complexity, requires no privileges or user interaction, and can result in high impact to confidentiality, integrity, and availability. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function) (NVD Database).

The vulnerability allows attackers to gain unauthorized elevated privileges in any room within Apache OpenMeetings, potentially compromising the security of all room-based operations and communications. Given the CVSS score of 9.8, the impact is considered critical with potential for complete compromise of system confidentiality, integrity, and availability (NVD Database).

Users are advised to upgrade to Apache OpenMeetings version 7.0.0 or later, which contains fixes for this vulnerability (Apache Advisory).