CVE-2017-2815

Name of the Vulnerable Software and Affected Versions: OpenFire User Import Export Plugin version 2.6.0

Description: An XML entity injection issue allows an attacker to retrieve arbitrary files or cause a denial of service. This can be triggered by sending a specially crafted web request. The attack requires authentication.

Recommendations: For OpenFire User Import Export Plugin version 2.6.0, consider disabling the import/export functionality until a patch is available to prevent exploitation. Restrict access to the plugin to minimize the risk of arbitrary file retrieval or denial of service.