Openfire Security Vulnerabilities and Issues — Openfire CVE List

Lucene search

IgniterealtimeOpenfire

5 matches found

CVE•added 2009/03/23 8:0 p.m.•148 views

CVE-2008-6508

Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/.. sequ...

7.5CVSS7.4AI score0.75299EPSS

CVE•added 2024/03/26 9:15 p.m.•54 views

CVE-2024-25420

An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the admin.authorizedJIDs system property component.

7.2CVSS7AI score0.00854EPSS

CVE•added 2009/03/23 8:0 p.m.•45 views

CVE-2008-6509

SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.

7.5CVSS8.2AI score0.02026EPSS

CVE•added 2017/08/18 6:29 p.m.•44 views

CVE-2014-3451

OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks.

7.5CVSS7.5AI score0.00736EPSS

CVE•added 2014/04/11 1:55 a.m.•43 views

CVE-2014-2741

nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.

7.8CVSS6.1AI score0.03261EPSS