openfire

Description: High performance XMPP (Jabber) server.
Version: 4.7.1-1 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2624 | 4.6.4-1 | 4.6.5-1 | Critical | Fixed | FS#72975 |
| AVG-15 | 4.0.4-1 | 4.1.0-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-44228 | AVG-2624 | Critical | Yes | Arbitrary code execution | Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI... |
| CVE-2015-7707 | AVG-15 | High | Yes | Privilege escalation | Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp. |
| CVE-2015-6973 | AVG-15 | Medium | Yes | Cross-site request forgery | Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of... |
| CVE-2015-6972 | AVG-15 | Medium | Yes | Cross-site scripting | Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 23 Dec 2016 | ASA-201612-21 | AVG-15 | High | multiple issues |