Vulnerability identifier: #VU76466

Vulnerability risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2023-32315

CWE-ID: CWE-287

Exploitation vector: Network

Exploits in database: 5

• December 19, 2023
  • CVE-2023-32315-EXPLOIT (A PoC exploit for CVE-2023-32315 - Openfire Authentication Bypass) [Github]
• September 4, 2023
  • CVE-2023-32315 (Tool for CVE-2023-32315 exploitation) [Github]
• July 19, 2023
  • Openfire authentication bypass with RCE plugin [Metasploit]
• June 27, 2023
  • CVE-2023-32315-Openfire-Bypass (rce) [Github]
• June 26, 2023
  • CVE-2023-32315 (Openfire Console Authentication Bypass Vulnerability with RCE plugin) [Github]

Impact: Information disclosure and data manipulation

Vulnerable software:
Openfire
Web applications / Modules and components for CMS

Vendor: Ignite Realtime