Openfire@3.6.2 Security Vulnerabilities and Issues — Openfire@3.6.2 CVE List

Lucene search

IgniterealtimeOpenfire3.6.2

2 matches found

CVE•added 2009/05/11 2:30 p.m.•53 views

CVE-2009-1595

The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.

4CVSS6AI score0.07857EPSS

CVE•added 2009/02/10 1:30 a.m.•40 views

CVE-2009-0497

Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the log parameter.

5CVSS6.4AI score0.05924EPSS