Vulnerability
Ignite Realtime supports Openfire, a Jabber server. It’s a Java program that serves as a platform for medium-sized businesses to manage internal communications and make instant messaging more convenient. The FaviconServlet in earlier versions of the Openfire Admin Console is vulnerable to a full read SSRF vulnerability. Attackers can use this vulnerability to send arbitrary HTTP GET queries to the internal network and view the responses.
Mitigation / Precaution
We suggest that you upgrade to the most recent version.
Written by
Summarize:
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 14 days
