6.4

CVE-2012-2928

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Data provided by the National Vulnerability Database (NVD)
Atlassian Jira Version <= 5.0.0
   Gliffy Gliffy Version <= 3.7
Gliffy Gliffy Version <= 3.7
Gliffy Gliffy Version 1.0.1
Gliffy Gliffy Version 2.0.0
Gliffy Gliffy Version 2.0.1
Gliffy Gliffy Version 2.1.0
Gliffy Gliffy Version 2.1.1
Gliffy Gliffy Version 2.1.2
Gliffy Gliffy Version 2.1.3
Gliffy Gliffy Version 2.2.0
Gliffy Gliffy Version 2.2.1
Gliffy Gliffy Version 2.2.2
Gliffy Gliffy Version 3.0.0
Gliffy Gliffy Version 3.0.1
Gliffy Gliffy Version 3.0.2
Gliffy Gliffy Version 3.0.3
Gliffy Gliffy Version 3.0.4
Gliffy Gliffy Version 3.0.5
Gliffy Gliffy Version 3.1.0
Gliffy Gliffy Version 3.1.1
Gliffy Gliffy Version 3.1.2
Gliffy Gliffy Version 3.1.3
Gliffy Gliffy Version 3.1.4
Gliffy Gliffy Version 3.5
Gliffy Gliffy Version 3.5.2
Gliffy Gliffy Version 3.6
Gliffy Gliffy Version 3.6.1
Atlassian Confluence Server Version 4.1.9
No warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 3.06% | 0.859
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 6.4 | 10 | 4.9 | AV:N/AC:L/Au:N/C:P/I:N/A:P
No CWE information has been published yet.
http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17 (Vendor Advisory, Mitigation)
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17 (Vendor Advisory, Mitigation)
http://osvdb.org/81993 (Broken Link)
http://www.securityfocus.com/bid/53595 (Third Party Advisory, Broken Link, VDB Entry)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75697 (Third Party Advisory, VDB Entry)
http://secunia.com/advisories/49166 (Vendor Advisory)