9.1

CVE-2012-2926

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4.x before 3.4.5; and Crowd before 2.0.9, 2.1 before 2.1.2, 2.2 before 2.2.9, 2.3 before 2.3.7, and 2.4 before 2.4.1 do not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AtlassianBamboo Version < 3.3.4
AtlassianBamboo Version >= 3.4 < 3.4.5
AtlassianConfluence Version < 3.5.16
AtlassianConfluence Server Version >= 4.0 < 4.0.7
AtlassianConfluence Server Version >= 4.1 < 4.1.10
AtlassianCrowd Version < 2.0.9
AtlassianCrowd Version >= 2.1 < 2.1.2
AtlassianCrowd Version >= 2.2.0 < 2.2.9
AtlassianCrowd Version >= 2.3.0 < 2.3.7
AtlassianCrowd Version >= 2.4.0 < 2.4.1
AtlassianCrucible Version < 2.5.8
AtlassianCrucible Version >= 2.6 < 2.6.8
AtlassianCrucible Version >= 2.7 < 2.7.12
AtlassianFisheye Version < 2.5.8
AtlassianFisheye Version >= 2.6 < 2.6.8
AtlassianFisheye Version >= 2.7 < 2.7.12
AtlassianJira Version < 5.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 56.38% 0.98
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:N/A:P
http://www.securityfocus.com/bid/53595
Third Party Advisory
VDB Entry