Multiple Vulnerabilities in Openfire Admin Console

Openfire is a group chat server for the Extensible Messaging and Presence Protocol (XMPP). It is written in Java and licensed under the Apache License 2.0. Two vulnerabilities, CVE-2019-18394 and CVE-2019-18393, were reported in the Openfire Admin Console by penetration testing expert Alexandr Shvetsov.

Vulnerability Details

CVE-2019-18394 – Full Read SSRF Vulnerability

A Server-Side Request