VulnCheck researchers have identified more than 3,000 Openfire servers that are vulnerable to CVE-2023-32315 and exposed to attacks using a new exploit.
Openfire is a popular open-source chat server written in Java that is maintained by Ignite Realtime.
CVE-2023-32315 is a path traversal vulnerability affecting the Openfire admin console. An unauthenticated attacker can exploit the flaw to reach the unauthenticated Openfire Setup Environment on an already configured Openfire installation and, from there, access restricted pages in the Openfire Admin Console that are reserved for administrative users.
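Because the flaw turns on requests that enter the unauthenticated setup area and traverse out of it on a server whose setup is already complete, a defender can flag exactly that pattern in admin-console access logs. The following detector is an added example, not code from the article or the Openfire project; the `/setup/` prefix and the three-field log format are assumptions, and the log lines are constructed.

```python
from urllib.parse import unquote

# Assumption (not from the article): Openfire's setup pages live under this prefix.
SETUP_PREFIX = "/setup/"
# Constructed sample admin-console access-log lines: method, path, status.
SAMPLE_LOG = """\
GET /login.jsp 200
GET /setup/index.jsp 403
GET /setup/setup-s/../../login.jsp 200
GET /setup/setup-s/%2e%2e/%252e%252e/user-groups.jsp 200
"""

def percent_decode(path: str, rounds: int = 3) -> str:
    """Decode percent-encoding repeatedly so double-encoded dots are unwrapped."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def normalize_path(raw: str) -> str:
    """Resolve '.' and '..' segments after decoding, to show which page is really reached."""
    resolved = []
    for seg in percent_decode(raw).split("/"):
        if seg == "..":
            if resolved:
                resolved.pop()
        elif seg not in ("", "."):
            resolved.append(seg)
    return "/" + "/".join(resolved)

def classify(raw: str):
    """Reason string for a suspicious request on an already configured server, else None."""
    decoded = percent_decode(raw)
    if not decoded.startswith(SETUP_PREFIX):
        return None
    if ".." in decoded.split("/"):
        return "traversal through setup path"
    return "setup page requested after setup completed"

def scan_log(text: str):
    """Return (raw_path, resolved_path, status, reason) for every flagged line."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        reason = classify(parts[1])
        if reason:
            hits.append((parts[1], normalize_path(parts[1]), int(parts[2]), reason))
    return hits
```

On a server that has finished setup, any hit under the setup prefix is worth a look; a traversal hit that resolves to an admin page is the signal to treat as an exploitation attempt.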
The experts pointed out that CVE-2023-32315 has been exploited in the wild for more than two months, but it has yet to be added to the CISA KEV catalog.