An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote malicious user to escalate privileges via the ROOM_CACHE component.