CVE-2023-32315
Ignite Realtime Openfire Path Traversal Vulnerability
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Aug 24, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Ignite Realtime / Openfire
Vulnerability
Ignite Realtime Openfire Path Traversal Vulnerability
Added to KEV
Aug 24, 2023
Remediate by
Sep 14, 2023
Known ransomware use
No
Summary description
Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for administrative users.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://www.igniterealtime.org/downloads/#openfire; https://nvd.nist.gov/vuln/detail/CVE-2023-32315
No related CVEs by CWE or product.