CVE-2019-18394

CVE-2019-18394

EPSS 32.3%

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/igniterealtime/Openfire/pull/1497 https://swarm.ptsecurity.com/openfire-admin-console/