Description

Acunetix determined that it was possible to access Openfire's administrative endpoints without authentication due to the path traversal vulnerability.

Remediation

Upgrade to the latest version of Openfire

References

Administration Console authentication bypass in openfire xmppserver

Related Vulnerabilities

Internet Information Services Other Vulnerability (CVE-1999-0412)

MySQL CVE-2019-2969 Vulnerability (CVE-2019-2969)

Oracle JRE CVE-2017-10346 Vulnerability (CVE-2017-10346)

Squid Improper Input Validation Vulnerability (CVE-2012-5643)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4593)

Severity

High

Classification

CVE-2023-32315 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Tags

Directory Traversal Authentication Bypass Known Vulnerabilities