Affected versions of Atlassian Fisheye and Crucible allow an unauthenticated remote attacker to achieve remote code execution, denial of service and XML external entities in Atlassian Gadgets. The CVEs involved were:

CVE-2012-0881
CVE-2019-10172
CVE-2018-1000632
CVE-2016-1000031
CVE-2014-0114
CVE-2020-26217

The affected versions are before version 4.8.6.

Affected versions:

version < 4.8.6

Fixed versions:

4.8.6

CPENameOperatorVersion
fisheyele4.7.0
fisheyele4.8.0
fisheyelt4.8.6

Name	Operator	Version
fisheye	le	4.7.0
fisheye	le	4.8.0
fisheye	lt	4.8.6

atlassian 6

ibm 77

osv 10

nessus 33

openvas 10

prion 4

freebsd 1

redhatcve 1

github 3

fedora 3

symantec 2

debiancve 4

suse 5

cve 4

f5 1

ubuntu 1

checkpoint_advisories 3

veracode 3

oraclelinux 1

mageia 2

ubuntucve 5

debian 4

redhat 5

cisa 1

cisco 1

zdi 1

githubexploit 2

amazon 1

nuclei 1

cgr 1

centos 1

securityvulns 1

packetstorm 1

atlassian

Update atlassian-gadgets to 4.2.39 to fix CVE-2012-0881, CVE-2014-0114 and other vulnerabilities

2021-02-03 22:43:13

Fisheye had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031

2019-02-14 22:03:17

Fisheye had a vulnerable version of Apache Commons FileUpload - CVE-2016-1000031

2019-02-14 22:03:17

ibm

Security Bulletin: Vulnerability in Apache Commons FileUpload affects IBM Spectrum Control and Tivoli Storage Productivity Center (CVE-2016-1000031)

2022-02-22 19:27:34

Security Bulletin: IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation are affected by the ability to execute remote attacker’s arbitrary code on a target machine vulnerability

2018-06-17 12:19:02

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Rational ClearCase (CVE-2016-1000031)

2018-07-10 08:34:12

osv

Improper Access Control in commons-fileupload

2018-12-21 17:51:51

dom4j vulnerability

2020-11-05 16:09:57

CVE-2018-1000632

2018-08-20 19:31:31

nessus

Apache Struts <= 2.3.36 FileUpload Deserialization Vulnerability

2018-11-05 00:00:00

EulerOS 2.0 SP2 : dom4j (EulerOS-SA-2019-2405)

2019-12-10 00:00:00

Ubuntu 16.04 LTS : dom4j vulnerability (USN-4619-1)

2020-11-06 00:00:00

openvas

openSUSE: Security Advisory for jakarta-commons-fileupload (openSUSE-SU-2019:1399-1)

2019-05-16 00:00:00

openSUSE: Security Advisory for dom4j (openSUSE-SU-2018:2931-1)

2018-09-28 00:00:00

openSUSE: Security Advisory for dom4j (openSUSE-SU-2018:3998-1)

2018-12-10 00:00:00

prion

Remote code execution

2016-10-25 14:29:00

Input validation

2018-08-20 19:31:00

Code injection

2017-10-30 16:29:00

freebsd

Axis2 -- Security vulnerability on dependency Apache Commons FileUpload

2016-11-14 00:00:00

redhatcve

CVE-2018-1000632

2020-03-16 07:35:07

github

Dom4j contains a XML Injection vulnerability

2018-10-16 17:01:25

Improper Access Control in commons-fileupload

2018-12-21 17:51:51

Denial of service in Apache Xerces2

2020-06-15 18:51:38

fedora

[SECURITY] Fedora 33 Update: dom4j-2.0.3-1.fc33

2021-05-12 16:13:28

[SECURITY] Fedora 34 Update: dom4j-2.0.3-1.fc34

2021-05-12 05:44:36

[SECURITY] Fedora 20 Update: struts-1.3.10-10.fc20

2014-08-23 02:00:36

symantec

FasterXML Jackson CVE-2019-10172 Multiple XML External Entity Injection Vulnerabilities

2019-11-18 00:00:00

Novell NetIQ Sentinel CVE-2016-1000031 Remote Code Execution Vulnerability

2016-10-17 00:00:00

debiancve

CVE-2018-1000632

2018-08-20 19:31:00

CVE-2016-1000031

2016-10-25 14:29:00

CVE-2020-26217

2020-11-16 21:15:00

suse

Security update for dom4j (moderate)

2018-12-08 00:22:56

Security update for dom4j (moderate)

2018-09-28 12:13:53

Security update for dom4j (moderate)

2018-12-07 12:12:51

cve

CVE-2016-1000031

2016-10-25 14:29:00

CVE-2018-1000632

2018-08-20 19:31:00

CVE-2012-0881

2017-10-30 16:29:00

K25206238 : Apache Commons FileUpload vulnerability CVE-2016-1000031

2018-04-02 00:00:00

ubuntu

dom4j vulnerability

2020-11-05 00:00:00

checkpoint_advisories

XStream Remote Code Execution (CVE-2020-26217)

2020-12-21 00:00:00

Apache Struts Remote Code Execution (CVE-2016-1000031)

2018-11-07 00:00:00

Apache Struts 2 Commons FileUpload Insecure Deserialization (CVE-2016-1000031)

2019-02-14 00:00:00

veracode

Remote Code Execution (RCE)

2020-11-17 05:32:23

XML External Entity (XXE)

2018-08-21 09:14:23

Denial Of Service (DoS)

2017-10-31 05:53:02

oraclelinux

xstream security update

2021-01-19 00:00:00

mageia

Updated dom4j packages fix security vulnerability

2019-02-14 11:38:16

Updated struts packages fix CVE-2014-0114

2014-05-15 02:13:20

ubuntucve

CVE-2018-1000632

2018-08-20 00:00:00

CVE-2012-0881

2017-10-30 00:00:00

CVE-2016-1000031

2016-10-25 00:00:00

debian

[SECURITY] [DLA 1517-1] dom4j security update

2018-09-24 18:11:01

[SECURITY] [DSA 4811-1] libxstream-java security update

2020-12-15 12:12:12

[SECURITY] [DLA 2471-1] libxstream-java security update

2020-12-01 03:37:05

redhat

(RHSA-2021:0106) Important: Red Hat Decision Manager 7.9.1 security update

2021-01-13 16:51:52

(RHSA-2021:0162) Important: xstream security update

2021-01-18 09:12:59

(RHSA-2021:0105) Important: Red Hat Process Automation Manager 7.9.1 security update

2021-01-13 16:51:47

cisa

Apache Releases Security Advisory for Apache Struts

2018-11-05 00:00:00

cisco

Apache Struts Commons FileUpload Library Remote Code Execution Vulnerability Affecting Cisco Products: November 2018

2018-11-07 00:00:00

zdi

Novell NetIQ Sentinel Commons DiskFileItem Deserialization of Untrusted Data Remote Code Execution Vulnerability

2016-10-17 00:00:00

githubexploit

Exploit for Improper Restriction of XML External Entity Reference in Fasterxml Jackson-Mapper-Asl

2020-10-14 12:00:20

Exploit for OS Command Injection in Xstream Project Xstream

2020-12-08 07:58:41

amazon

Important: xstream

2021-01-25 23:09:00

nuclei

XStream <1.4.14 - Remote Code Execution

2023-03-12 03:38:05

cgr

CVE-2019-10172 vulnerabilities

2024-04-19 09:08:06

centos

xstream security update

2021-01-25 14:08:47

securityvulns

Apache commons-beanutils code exeuction

2014-06-17 00:00:00

packetstorm

OSCAR EMR 15.21beta361 XSS / Disclosure / CSRF / Insecure Direct Object Reference

2018-08-23 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Related for FE-7345