9.8

CVE-2017-16861

EPSS 0.56%
Veröffentlicht 01.02.2018 04:29:00
Zuletzt bearbeitet 21.11.2024 03:17:07
Quelle security@atlassian.com
CVE-Watchlists
Login
Unerledigt
Login

It was possible for double OGNL evaluation in certain redirect action and in WebWork URL and Anchor tags in JSP files to occur. An attacker who can access the web interface of Fisheye or Crucible or who hosts a website that a user who can access the web interface of Fisheye or Crucible visits, is able to exploit this vulnerability to execute Java code of their choice on systems that run a vulnerable version of Fisheye or Crucible. All versions of Fisheye and Crucible before 4.4.5 (the fixed version for 4.4.x) and from 4.5.0 before 4.5.2 (the fixed version for 4.5.x) are affected by this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Atlassian ≫ Fisheye Version < 4.4.5

Atlassian ≫ Fisheye Version >= 4.5.0 < 4.5.2

Atlassian ≫ Crucible Version < 4.4.5

Atlassian ≫ Crucible Version >= 4.5.0 < 4.5.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.671

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://www.securityfocus.com/bid/102971

Third Party Advisory

VDB Entry

https://confluence.atlassian.com/x/h-QyO

Vendor Advisory

https://confluence.atlassian.com/x/iPQyO

Vendor Advisory

https://jira.atlassian.com/browse/CRUC-8156

Vendor Advisory

https://jira.atlassian.com/browse/FE-6991

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-16861

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-16861

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-16861

EUVD