Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:40755
HistoryJun 01, 2023 - 8:10 a.m.

Authentication Bypass

2023-06-0108:10:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
18
openfire
authentication
bypass
vulnerable
xmppserver
path traversal

0.974 High

EPSS

Percentile

99.9%

org.igniterealtime.openfire:xmppserver is vulnerable to authentication bypass. A remote unauthenticated attacker is able to access restricted pages in the Openfire Admin Console designated for administrative users due to a path traversal in the unauthenticated Openfire Setup Environment.