Description

Acunetix determined that it was possible to access Openfire's administrative endpoints without authentication due to the path traversal vulnerability.

Remediation

Upgrade to the latest version of Openfire

References

Administration Console authentication bypass in openfire xmppserver

Related Vulnerabilities

PHP Other Vulnerability (CVE-2007-0905)

phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-10803)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7579)

OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-0701)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-0553)

Severity

High

Classification

CVE-2023-32315 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Tags

Directory Traversal Authentication Bypass Known Vulnerabilities