CVE-2023-32315 - Ignite Realtime Openfire Path Traversal Vulnerability
Project:Ignite Realtime
Product:Openfire
Date Added:2023-08-24Due Date:2023-09-14
Vulnerability Name
Ignite Realtime Openfire Path Traversal Vulnerability
Description
Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for administrative users.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://www.igniterealtime.org/downloads/#openfire
https://nvd.nist.gov/vuln/detail/CVE-2023-32315
Related News Articles
BadPilot network hacking campaign fuels Russian SandWorm attacksFebruary 13, 2025
Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ CountriesFebruary 13, 2025