Arbitrary HTTP GET Request Vulnerability in Ignite Realtime Openfire
CVE-2019-18394 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.
Learn more about our Cis Benchmark Audit For Server Software.