Detections
Analytics
Openfire Path Traversal
high Web App Scanning Plugin ID 114197
Language:
Synopsis
Openfire Path TraversalDescription
Openfire version >= 3.10.0 < 4.6.8, 4.7.x < 4.7.5 suffer from a Path traversal allowing an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users.Solution
Upgrade to Openfire version 4.6.8, 4.7.5 or later.See Also
https://github.com/igniterealtime/Openfire/security/advisories/GHSA-gw42-f939-fhvm
Plugin Details
Severity: High
ID: 114197
Type: remote
Family: Component Vulnerability
Published: 2/7/2024
Updated: 2/7/2024
Scan Template: basic, full, pci, scan
Risk Information
VPR
Risk Factor: High
Score: 7.2
CVSS v2
Risk Factor: High
Base Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS Score Source: CVE-2023-32315
CVSS v3
Risk Factor: High
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Score Source: CVE-2023-32315
Vulnerability Information
CPE: cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:*
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/23/2019
Vulnerability Publication Date: 5/9/2023
CISA Known Exploited Vulnerability Due Dates: 9/14/2023
Reference Information
CVE: CVE-2023-32315
CWE: 22
OWASP: 2010-A4, 2013-A4, 2013-A9, 2017-A5, 2017-A9, 2021-A1, 2021-A6
WASC: Path Traversal
DISA STIG: APSC-DV-002560, APSC-DV-002630
HIPAA: 164.306(a)(1), 164.306(a)(2)
ISO: 27001-A.14.2.5
NIST: sp800_53-CM-6b, sp800_53-SI-10
OWASP API: 2019-API7, 2023-API8
OWASP ASVS: 4.0.2-12.3.1, 4.0.2-14.2.1