发布日期:2023-05-26
更新日期:2023-06-19
受影响系统:
Ignite Realtime Openfire >= 4.7.0
Ignite Realtime Openfire >= 4.6.0
Ignite Realtime Openfire >= 4.5.0
Ignite Realtime Openfire >= 4.4.0
Ignite Realtime Openfire >= 4.3.0
Ignite Realtime Openfire >= 4.2.0
Ignite Realtime Openfire >= 4.1.0
Ignite Realtime Openfire >= 4.0.0
Ignite Realtime Openfire >= 3.10.0
Ignite Realtime Openfire < ="4.7.4
Ignite Realtime Openfire < ="4.6.7
Ignite Realtime Openfire < ="4.5.6
Ignite Realtime Openfire < ="4.4.4
Ignite Realtime Openfire < ="4.3.2
Ignite Realtime Openfire < ="4.2.4
Ignite Realtime Openfire < ="4.1.6
Ignite Realtime Openfire < ="4.0.4
Ignite Realtime Openfire < ="3.10.3
描述:
CVE(CAN) ID: CVE-2023-32315
Ignite Realtime Openfire是Ignite Realtime社区的一款采用Java开发且基于XMPP(前称Jabber,即时通讯协议)的跨平台开源实时协作(RTC)服务器。
Ignite Realtime Openfire多个版本存在路径遍历漏洞,未经身份认证的攻击者可利用该漏洞访问管理员用户界面,进而在目标系统上执行任意代码。
< **>
建议:
厂商补丁:
Ignite Realtime
---------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
https://github.com/igniterealtime/Openfire/releases/tag/v4.6.8
浏览次数:27
严重程度:0(网友投票)
