Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw
Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 (CVSS score: 7.5), the vulnerability relates to a path traversal vulnerability in Openfire's...
Ignite Realtime Openfire Path Traversal Vulnerability
Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for administrative users...
A path traversal vulnerability in the administration console of Openfire, a cross-platform real-time collaboration server, allows attackers to escalate their privileges.
A vulnerability in the administration console of Openfire, a cross-platform real-time collaboration server, makes it possible to bypass the authentication process. Exploiting this vulnerability allows a remote attacker to escalate their privileges...
ELECOM LAN-WH300N/RE Security Vulnerability
ELECOM lan is a router from ELECOM Japan. A security vulnerability exists in the LAN-WH300N/RE that originates from an unknown feature of the device that allows an authenticated user to execute arbitrary operating system commands from an administrative console...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to cross-site scripting in the Admin Console (CVE-2023-26283)
Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console. This has been addressed in the remediation section. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products|...
Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966)
Summary IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console. This has been addressed in the remediation section below. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Openfire Authentication Bypass (CVE-2023-32315)
Binary data openfireCVE-2023-32315.nbin...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2018-1797)
Summary IBM WebSphere Application Server is a required product for IBM Tivoli Network Manager IP Edition version 4.2. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security...
VulnCheck KEV: CVE-2023-32315
Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for administrative users...
Collabora CODE / Collabora Online < 6.4.27, 21.x < 21.11.9.1, 22.x < 22.05.13 XSS Vulnerability
Collabora CODE (Collabora Online Development Edition) and Collabora Online are prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
CVE-2023-34088 Collabora Online has Stored Cross-Site-Scripting vulnerability in admin interface
Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened t...
Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966)
Summary Security Bulletin: IBM WebSphere Application Server shipped with IBM Security Access Manager for Enterprise Single Sign-On is vulnerable to cross-site scripting in the Admin Console (CVE-2023-24966). This has been addressed in the remediation section below. Vulnerability Details Refer to the...
Security Bulletin: IBM WebSphere Application Server Liberty is vulnerable to spoofing when using Web Server Plug-ins
Summary IBM Security Verify Governance uses IBM WebSphere Application Server. The fix includes upgrading IBM WebSphere Application Server with the security patch. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Security Bulletin: IBM WebSphere Application Server is vulnerable to cross-site scripting in the Admin Console
Summary IBM Security Verify Governance uses IBM WebSphere Application Server. The fix includes upgrading IBM WebSphere Application Server with the security patch. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...
Path traversal
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
CVE-2023-32315
Openfire (Ignite Realtime) is affected by a path traversal vulnerability in the web-based Admin Console exposed via the unauthenticated Setup Environment, permitting access to admin pages in an already configured Openfire instance. Affected versions are Openfire releases since April 2015 starting...
CVE-2023-32315 Openfire administration console authentication bypass
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...