CVE-2019-18393
published 2019-10-24


Priority: P278 (medium)
CVSS 3.1: 5.3 (medium), AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Tags: ITW, EXPLOIT; listed in VulnCheck KEV
Exploited in the wild
EPSS: 13.94% (96.1th percentile)
PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.

Affected (1 range)

Vendor: igniterealtime
Product: openfire
Version range: <= 4.4.2
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

Indicators (type: other):
  • org.jivesoftware.database.EmbeddedConnectionProvider
  • Most properties are stored in the Openfire database

Notes:
  • A successful exploitation response body will contain Openfire configuration strings such as 'org.jivesoftware.database.EmbeddedConnectionProvider' and 'Most properties are stored in the Openfire database', indicating openfire.xml was read.
  • Shodan/FOFA fingerprinting: hosts with HTTP title 'openfire admin console' or 'openfire' are likely candidates for this vulnerability.
  • The vulnerability is exploitable without authentication (PR:N, UI:N per CVSS), meaning no session or login token is required to trigger the directory traversal.

CVSS provenance

NVD (v3.1): 5.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
NVD (v2.0): 5.0 MEDIUM, AV:N/AC:L/Au:N/C:P/I:N/A:N
VulnCheck: 5.3 MEDIUM