6.4

CVE-2012-2928

The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AtlassianJira Version <= 5.0.0
   GliffyGliffy Version <= 3.7
GliffyGliffy Version <= 3.7
GliffyGliffy Version1.0.1
GliffyGliffy Version2.0.0
GliffyGliffy Version2.0.1
GliffyGliffy Version2.1.0
GliffyGliffy Version2.1.1
GliffyGliffy Version2.1.2
GliffyGliffy Version2.1.3
GliffyGliffy Version2.2.0
GliffyGliffy Version2.2.1
GliffyGliffy Version2.2.2
GliffyGliffy Version3.0.0
GliffyGliffy Version3.0.1
GliffyGliffy Version3.0.2
GliffyGliffy Version3.0.3
GliffyGliffy Version3.0.4
GliffyGliffy Version3.0.5
GliffyGliffy Version3.1.0
GliffyGliffy Version3.1.1
GliffyGliffy Version3.1.2
GliffyGliffy Version3.1.3
GliffyGliffy Version3.1.4
GliffyGliffy Version3.5
GliffyGliffy Version3.5.2
GliffyGliffy Version3.6
GliffyGliffy Version3.6.1
AtlassianConfluence Server Version4.1.9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.93% 0.817
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.4 10 4.9
AV:N/AC:L/Au:N/C:P/I:N/A:P
http://www.securityfocus.com/bid/53595
Third Party Advisory
Broken Link
VDB Entry