What is CVE-2019-18393?

CVE-2019-18393 is a vulnerability in N/a. Published 2019-10-24.

Is CVE-2019-18393 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-18393

PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability.

EPSS: 0.844 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
StarCrossPortal/scalpel
anonymous364872/Rapier_
apif-review/APIF_
apit-review-account/apit-tool
flawgarden/reality-check
youcans896768/APIV_

References

github.com/igniterealtime/Openfire/pull/1498 (x_refsource_MISC)
swarm.ptsecurity.com/openfire-admin-console/ (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-18393?: CVE-2019-18393 is a vulnerability in N/a. Published 2019-10-24.
Is CVE-2019-18393 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.