CVE-2015-7707 log
| Source |
|
| Severity | High |
| Remote | Yes |
| Type | Privilege escalation |
| Description | Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-15 | openfire | 4.0.4-1 | 4.1.0-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 23 Dec 2016 | ASA-201612-21 | AVG-15 | openfire | High | multiple issues |
| References |
|---|
http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-PRIV-ESCALATION.txt https://issues.igniterealtime.org/browse/OF-941 |