Description

Invicti determined that it was possible to access Openfire's administrative endpoints without authentication due to the path traversal vulnerability.

Remediation

Upgrade to the latest version of Openfire

References

Administration Console authentication bypass in openfire xmppserver

Related Vulnerabilities

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-19048)

MySQL CVE-2017-10365 Vulnerability (CVE-2017-10365)

Oracle JRE CVE-2012-5083 Vulnerability (CVE-2012-5083)

Joomla Improper Input Validation Vulnerability (CVE-2018-11321)

MySQL CVE-2023-21950 Vulnerability (CVE-2023-21950)

Severity

High

Classification

CVE-2023-32315 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Tags

Directory Traversal Authentication Bypass Known Vulnerabilities