An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote attacker to escalate privileges via the ROOM_CACHE component.
The vulnerability is classified as CWE-250 (Execution with Unnecessary Privileges), which indicates that the ROOM_CACHE component processes operations with excessive privileges. A remote attacker can send an appropriately crafted request without authentication and without user interaction, which will be handled by the MUC (Multi-User Chat) room management component in the LocalMUCRoomManager class. As a result, it is possible to obtain higher privileges in the system than those to which the attacker is entitled.
An attacker can obtain unauthorized privilege escalation on the Openfire server, which potentially leads to breach of confidentiality, integrity and availability of the system (all three aspects rated as HIGH in the CVSS vector).
Patches available from the vendor should be applied according to the references. It is recommended to update Openfire to a version higher than 4.9.0 and monitor official project resources at https://www.igniterealtime.org/projects/openfire/
Ignite Realtime Openfire version 4.9.0 and all earlier versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HIgniterealtime Openfire
APPIgniterealtime≤ 4.9.0
Related vulnerabilities
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a ...
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through ...
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a...
An issue in Ignite Realtime Openfire before 4.8.1 allows a remote attacker to escalate privileges via the admi...
OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform un...