Max CVSS 4.0 Min CVSS 4.0 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2009-1596 4.0
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a pass
13-02-2024 - 17:43 11-05-2009 - 14:30
CVE-2009-1595 4.0
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.
17-08-2017 - 01:30 11-05-2009 - 14:30
Back to Top Mark selected
Back to Top