Lucene search

K
atlassianSecurity-metrics-botCONFSERVER-68844
HistoryAug 27, 2021 - 3:55 a.m.

RCE on Confluence Data Center via OGNL Injection - CVE-2021-39114

2021-08-2703:55:57
security-metrics-bot
jira.atlassian.com
68

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

100.0%

A user with a valid account on a Confluence Server or Data Center instance is able to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload.

The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

Affected versions:

* version < 6.13.23
 * 6.14.0 ≤ version < 7.4.11
 * 7.5.0 ≤ version < 7.11.6
 * 7.12.0 ≤ version < 7.12.5

Fixed versions:

* 6.13.23
 * 7.4.11
 * 7.11.6
 * 7.12.5
 * 7.13.0

Affected configurations

Vulners
Node
atlassianconfluence_data_centerRange7.12.4
OR
atlassianconfluence_data_centerRange<6.13.23
OR
atlassianconfluence_data_centerRange<7.4.11
OR
atlassianconfluence_data_centerRange<7.11.6
OR
atlassianconfluence_data_centerRange<7.12.5
OR
atlassianconfluence_data_centerRange<7.13.0

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.974 High

EPSS

Percentile

100.0%