CVE-2019-18394: Ignite Realtime Openfire vulnerable to Server Side Request Forgery

Severity: Critical

CVSS Score: 9.8

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests.