Attacker Value
Very High
(1 user assessed)
Exploitability
High
(1 user assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
3

CVE-2019-18393

Disclosure Date: October 24, 2019
Add any MITRE ATT&CK Tactics to the list below that apply to this CVE.

Description

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.

Add Assessment

General Information

Additional Info

Technical Analysis