Vulnerability Database

290,301

Total vulnerabilities in the database

CVE-2009-1595

The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.

  • Published: May 11, 2009
  • Updated: Apr 13, 2023
  • CVE: CVE-2009-1595
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

OWASP TOP 10: