Lucene search

Security-metrics-botFE-7345

HistoryFeb 03, 2021 - 10:43 p.m.

Update atlassian-gadgets to 4.2.39 to fix CVE-2012-0881, CVE-2014-0114 and other vulnerabilities

2021-02-0322:43:13

security-metrics-bot

jira.atlassian.com

0.974 High

EPSS

Percentile

99.9%

JSON

Affected versions of Atlassian Fisheye and Crucible allow an unauthenticated remote attacker to achieve remote code execution, denial of service and XML external entities in Atlassian Gadgets. The CVEs involved were:

CVE-2012-0881
CVE-2019-10172
CVE-2018-1000632
CVE-2016-1000031
CVE-2014-0114
CVE-2020-26217

The affected versions are before version 4.8.6.

Affected versions:

version < 4.8.6

Fixed versions:

4.8.6

CPENameOperatorVersion
fisheyele4.7.0
fisheyele4.8.0
fisheyelt4.8.6

Name	Operator	Version
fisheye	le	4.7.0
fisheye	le	4.8.0
fisheye	lt	4.8.6

atlassian

Update atlassian-gadgets to 4.2.39 to fix CVE-2012-0881, CVE-2014-0114 and other vulnerabilities

2021-02-03 22:43:13

Fisheye had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031

2019-02-14 22:03:17

Fisheye had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031

2019-02-14 22:03:17

ibm

Security Bulletin: A Security Vulnerability has been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2016-1000031)

2018-06-16 20:13:10

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2016-1000031)

2018-07-10 08:34:12

Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability

2018-06-17 12:19:02

osv

Improper Access Control in commons-fileupload

2018-12-21 17:51:51

CVE-2018-1000632

2018-08-20 19:31:31

Denial of service in Apache Xerces2

2020-06-15 18:51:38

prion

Remote code execution

2016-10-25 14:29:00

Code injection

2017-10-30 16:29:00

Input validation

2018-08-20 19:31:00

nessus

Apache Struts <= 2.3.36 FileUpload Deserialization Vulnerability

2018-11-05 00:00:00

EulerOS 2.0 SP5 : xerces-j2 (EulerOS-SA-2020-2277)

2020-10-30 00:00:00

EulerOS 2.0 SP3 : xerces-j2 (EulerOS-SA-2020-2068)

2020-09-28 00:00:00

openvas

openSUSE: Security Advisory for jakarta-commons-fileupload (openSUSE-SU-2019:1399-1)

2019-05-16 00:00:00

SUSE: Security Advisory (SUSE-SU-2019:1212-1)

2021-06-09 00:00:00

Huawei EulerOS: Security Advisory for xerces-j2 (EulerOS-SA-2020-2068)

2020-09-29 00:00:00

freebsd

Axis2 -- Security vulnerability on dependency Apache Commons FileUpload

2016-11-14 00:00:00

cvelist

CVE-2012-0881

2017-10-30 16:00:00

CVE-2018-1000632

2018-08-20 19:00:00

CVE-2016-1000031

2016-10-25 14:00:00

fedora

[SECURITY] Fedora 34 Update: dom4j-2.0.3-1.fc34

2021-05-12 05:44:36

[SECURITY] Fedora 33 Update: dom4j-2.0.3-1.fc33

2021-05-12 16:13:28

github

Improper Access Control in commons-fileupload

2018-12-21 17:51:51

Dom4j contains a XML Injection vulnerability

2018-10-16 17:01:25

Denial of service in Apache Xerces2

2020-06-15 18:51:38

cve

CVE-2016-1000031

2016-10-25 14:29:00

CVE-2018-1000632

2018-08-20 19:31:31

CVE-2019-10172

2019-11-18 17:15:11

veracode

XML External Entity (XXE)

2018-08-21 09:14:23

Denial Of Service (DoS)

2017-10-31 05:53:02

Remote Code Execution (RCE)

2020-11-17 05:32:23

mageia

Updated dom4j packages fix security vulnerability

2019-02-14 11:38:16

ubuntucve

CVE-2018-1000632

2018-08-20 00:00:00

CVE-2016-1000031

2016-10-25 00:00:00

CVE-2012-0881

2017-10-30 00:00:00

symantec

Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability

2016-10-17 00:00:00

FasterXML Jackson CVE-2019-10172 Multiple XML External Entity Injection Vulnerabilities

2019-11-18 00:00:00

redhatcve

CVE-2018-1000632

2020-03-16 07:35:07

K25206238 : Apache Commons FileUpload vulnerability CVE-2016-1000031

2018-04-02 00:00:00

debiancve

CVE-2016-1000031

2016-10-25 14:29:00

CVE-2012-0881

2017-10-30 16:29:00

CVE-2020-26217

2020-11-16 21:15:12

checkpoint_advisories

Apache Struts Remote Code Execution (CVE-2016-1000031)

2018-11-07 00:00:00

Apache Struts 2 Commons FileUpload Insecure Deserialization (CVE-2016-1000031)

2019-02-14 00:00:00

XStream Remote Code Execution (CVE-2020-26217)

2020-12-21 00:00:00

cisa

Apache Releases Security Advisory for Apache Struts

2018-11-05 00:00:00

zdi

Novell NetIQ Sentinel Commons DiskFileItem Deserialization of Untrusted Data Remote Code Execution Vulnerability

2016-10-17 00:00:00

cisco

Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018

2018-11-07 00:00:00

oraclelinux

xstream security update

2021-01-19 00:00:00

struts security update

2014-05-06 00:00:00

ubuntu

dom4j vulnerability

2020-11-05 00:00:00

githubexploit

Exploit for Improper Restriction of XML External Entity Reference in Fasterxml Jackson-Mapper-Asl

2020-10-14 12:00:20

Exploit for OS Command Injection in Xstream Project Xstream

2020-12-08 07:58:41

nuclei

XStream <1.4.14 - Remote Code Execution

2023-03-12 03:38:05

amazon

Important: xstream

2021-01-25 23:09:00

redhat

(RHSA-2021:0162) Important: xstream security update

2021-01-18 09:12:59

(RHSA-2021:0105) Important: Red Hat Process Automation Manager 7.9.1 security update

2021-01-13 16:51:47

(RHSA-2021:0106) Important: Red Hat Decision Manager 7.9.1 security update

2021-01-13 16:51:52

centos

xstream security update

2021-01-25 14:08:47

debian

[SECURITY] [DSA 4811-1] libxstream-java security update

2020-12-15 12:12:12

cgr

CVE-2019-10172 vulnerabilities

2024-04-30 09:06:13

securityvulns

Apache commons-beanutils code exeuction

2014-06-17 00:00:00

0.974 High

EPSS

Percentile

99.9%

JSON

Update atlassian-gadgets to 4.2.39 to fix CVE-2012-0881, CVE-2014-0114 and other vulnerabilities

Related