ID

VAR-201908-0290


CVE

CVE-2019-15488


TITLE

Ignite Realtime Openfire vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-008246

DESCRIPTION

Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. Ignite Realtime Openfire contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Ignite Realtime Openfire is a cross-platform, open source real-time collaboration (RTC) server based on XMPP (formerly known as Jabber, an instant messaging protocol), developed in Java by the Ignite Realtime community. It can be used to build an efficient instant messaging server and supports tens of thousands of concurrent users.

Trust: 2.16

sources: NVD: CVE-2019-15488 // JVNDB: JVNDB-2019-008246 // CNVD: CNVD-2019-29164

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-29164

AFFECTED PRODUCTS

vendor: igniterealtime, model: openfire, scope: lt, version: 4.4.1

Trust: 1.0

vendor: ignite realtime, model: openfire, scope: lt, version: 4.4.1

Trust: 0.8

vendor: ignite, model: realtime openfire, scope: lt, version: 4.4.1

Trust: 0.6

sources: CNVD: CNVD-2019-29164 // JVNDB: JVNDB-2019-008246 // NVD: CVE-2019-15488

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15488
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15488
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-29164
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-1880
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15488
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-29164
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-15488
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-29164 // JVNDB: JVNDB-2019-008246 // CNNVD: CNNVD-201908-1880 // NVD: CVE-2019-15488

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-008246 // NVD: CVE-2019-15488

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1880

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201908-1880

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008246

PATCH

title: Comparing changes
url: https://github.com/igniterealtime/Openfire/compare/cd0a573...5e5d9e5

Trust: 0.8

title: OF-1192: Fixes Reflected XSS in LDAP Setup test #1441
url: https://github.com/igniterealtime/Openfire/pull/1441

Trust: 0.8

title: Patch for Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2019-29164)
url: https://www.cnvd.org.cn/patchInfo/show/177739

Trust: 0.6

title: Ignite Realtime Openfire Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96939

Trust: 0.6

sources: CNVD: CNVD-2019-29164 // JVNDB: JVNDB-2019-008246 // CNNVD: CNNVD-201908-1880

EXTERNAL IDS

db: NVD, id: CVE-2019-15488

Trust: 3.0

db: JVNDB, id: JVNDB-2019-008246

Trust: 0.8

db: CNVD, id: CNVD-2019-29164

Trust: 0.6

db: CNNVD, id: CNNVD-201908-1880

Trust: 0.6

sources: CNVD: CNVD-2019-29164 // JVNDB: JVNDB-2019-008246 // CNNVD: CNNVD-201908-1880 // NVD: CVE-2019-15488

REFERENCES

url: https://github.com/igniterealtime/openfire/pull/1441

Trust: 2.2

url: https://github.com/igniterealtime/openfire/compare/cd0a573...5e5d9e5

Trust: 2.2

url: https://nvd.nist.gov/vuln/detail/cve-2019-15488

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15488

Trust: 0.8

sources: CNVD: CNVD-2019-29164 // JVNDB: JVNDB-2019-008246 // CNNVD: CNNVD-201908-1880 // NVD: CVE-2019-15488

SOURCES

db: CNVD, id: CNVD-2019-29164
db: JVNDB, id: JVNDB-2019-008246
db: CNNVD, id: CNNVD-201908-1880
db: NVD, id: CVE-2019-15488

LAST UPDATE DATE

2024-11-23T22:21:33.579000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-29164, date: 2019-08-29T00:00:00
db: JVNDB, id: JVNDB-2019-008246, date: 2019-08-28T00:00:00
db: CNNVD, id: CNNVD-201908-1880, date: 2019-08-27T00:00:00
db: NVD, id: CVE-2019-15488, date: 2024-11-21T04:28:51.170

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-29164, date: 2019-08-29T00:00:00
db: JVNDB, id: JVNDB-2019-008246, date: 2019-08-28T00:00:00
db: CNNVD, id: CNNVD-201908-1880, date: 2019-08-23T00:00:00
db: NVD, id: CVE-2019-15488, date: 2019-08-23T13:15:11.390