8.8
CVE-2021-39114
- EPSS 0.36%
- Veröffentlicht 05.04.2022 04:15:08
- Zuletzt bearbeitet 21.11.2024 06:18:36
- Quelle security@atlassian.com
- CVE-Watchlists
- Unerledigt
LoginAffected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Atlassian ≫ Confluence Data Center Version < 6.13.23
Atlassian ≫ Confluence Data Center Version >= 6.14.0 < 7.4.11
Atlassian ≫ Confluence Data Center Version >= 7.5.0 < 7.11.6
Atlassian ≫ Confluence Data Center Version >= 7.12.0 < 7.12.5
Atlassian ≫ Confluence Server Version < 6.13.23
Atlassian ≫ Confluence Server Version >= 6.14.0 < 7.4.11
Atlassian ≫ Confluence Server Version >= 7.5.0 < 7.11.6
Atlassian ≫ Confluence Server Version >= 7.12.0 < 7.12.5
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.576 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.