CVE-2023-32315: Ignite Realtime Openfire Path Traversal Vulnerability

CVE ID

CVE-2023-32315

Vulnerability Name

Ignite Realtime Openfire Path Traversal Vulnerability

• Project: Ignite Realtime
• Product: Openfire

Date

• Date Added: 2023-08-24
• Due Date: 2023-09-14

Description

Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for administrative users.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.igniterealtime.org/downloads/#openfire; https://nvd.nist.gov/vuln/detail/CVE-2023-32315

Related Security News

• New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
• BadPilot network hacking campaign fuels Russian SandWorm attacks
• Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List