The Openfire server provided with the IM plugin of Tuleap uses an old version of the JVM. This old JVM uses a weak DH group during the key exchange of the TLS session.
This prevents clients using a modern stack from connecting to the server with TLS. For example, Pidgin refuses to connect to the server, and there is no easy workaround or bypass (as it should be).
It also allows attackers with a lot of computing power at their disposal to downgrade or break the security of the connection.
CVSSv3 score: 3.1 (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Reference:
https://weakdh.org/
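
To confirm which DH group size a server offers, the prime length can be read from the ServerKeyExchange handshake message of a DHE cipher suite (TLS 1.2 and earlier). The following is an added example, not code from Tuleap or Openfire; the function names, the 2048-bit threshold and the sample messages are assumptions constructed for illustration.

```python
import struct

MIN_DH_BITS = 2048  # assumed policy threshold (weakdh.org recommends 2048-bit or stronger groups)

def _read_vec16(buf, off):
    """Read a TLS opaque<1..2^16-1> vector: 2-byte big-endian length, then the data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad vector length")
    return buf[off:off + n], off + n

def dh_params_from_ske(msg):
    """Parse a ServerKeyExchange handshake message of a DHE suite.
    Returns (prime_bits, generator)."""
    if len(msg) < 4 or msg[0] != 12:  # handshake type 12 = server_key_exchange
        raise ValueError("not a ServerKeyExchange message")
    body_len = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake body")
    p, off = _read_vec16(body, 0)      # dh_p: the group prime
    g, off = _read_vec16(body, off)    # dh_g: the generator
    _ys, off = _read_vec16(body, off)  # dh_Ys: server public value (the signature follows, unused here)
    return int.from_bytes(p, "big").bit_length(), int.from_bytes(g, "big")

def classify(msg, min_bits=MIN_DH_BITS):
    """Report the offered group size and whether it falls below the threshold."""
    bits, g = dh_params_from_ske(msg)
    return {"prime_bits": bits, "generator": g, "weak": bits < min_bits}

def constructed_ske(prime_bits):
    """Build a synthetic message for testing (constructed sample, not a capture).
    dh_p has the requested bit length but is not a real prime."""
    p = ((1 << (prime_bits - 1)) | 1).to_bytes((prime_bits + 7) // 8, "big")
    ys = b"\x01" * len(p)
    body = b"".join(struct.pack("!H", len(x)) + x for x in (p, b"\x02", ys))
    body += b"\x00" * 4  # stand-in for the signature bytes
    return b"\x0c" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(bits, classify(constructed_ske(bits)))
```

The input is the reassembled handshake message without the 5-byte TLS record header, as a packet dissector would expose it.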