Description
Acunetix determined that Openfire's administrative endpoints could be accessed without authentication because of a path traversal vulnerability.
Remediation
Upgrade to the latest version of Openfire.