Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Very High

CVE-2019-18393

Disclosure Date: October 24, 2019 (last updated October 06, 2023)
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.