Technical Severity
HIGH
CVSS v3.1 Metrics
8.6
/ 10
Minimal Risk
Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Exploitation Likelihood
EPSS Prediction
94.44
%
Predictive Probability
Percentile Rank
100.0
th
Documented as more likely to be exploited than 100.0% of known CVEs.
Detection Date
Aug 24, 2023
Remediation Due
Sep 14, 2023
CISA Catalog Active
Threat Analysis
Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for administrative users.
Remediation Directive
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.