CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS: 0.003 Low
Percentile: 64.6%

h3. Issue Summary
This is reproducible on Data Center: (/)
Apache Tomcat should be upgraded to 8.5.96 or later, or 9.0.83 or later, to fix [CVE-2023-46589|https://nvd.nist.gov/vuln/detail/CVE-2023-46589].
h3. Environment
These are Tomcat versions affected by CVE-2023-46589.
h3. Steps to Reproduce
h3. Expected Results
h3. Actual Results
h3. Workaround
To mitigate the issue, it is possible to manually upgrade Apache Tomcat by following the process described in the KB article below, but please note that this will place the application in an *unsupported state*:
*WARNING*: Unless still reproducible on official releases, Atlassian Support may refuse support requests for Confluence running over unofficial Tomcat versions.