Description

Acunetix determined that it was possible to access Openfire's administrative endpoints without authentication due to the path traversal vulnerability.

Remediation

Upgrade to the latest version of Openfire

References

Administration Console authentication bypass in openfire xmppserver

Related Vulnerabilities

Oracle JRE CVE-2019-2894 Vulnerability (CVE-2019-2894)

MySQL CVE-2014-4274 Vulnerability (CVE-2014-4274)

WordPress Plugin Database Backup for WordPress 'edit.php' Directory Traversal (1.7)

PHP NULL Pointer Dereference Vulnerability (CVE-2017-6441)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6641)

Severity

High

Classification

CVE-2023-32315 CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Tags

Directory Traversal Authentication Bypass Known Vulnerabilities