logo

CVE-2023-32315 - Ignite Realtime Openfire Path Traversal Vulnerability

Project:Ignite Realtime

Product:Openfire

Date Added:2023-08-24Due Date:2023-09-14

Vulnerability Name

Ignite Realtime Openfire Path Traversal Vulnerability

Description

Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for administrative users.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://www.igniterealtime.org/downloads/#openfire

https://nvd.nist.gov/vuln/detail/CVE-2023-32315

Related News Articles

BadPilot network hacking campaign fuels Russian SandWorm attacksFebruary 13, 2025

Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ CountriesFebruary 13, 2025