cvelist / Atlassian / CVELIST:CVE-2021-43940
History: Feb 15, 2022 - 3:15 a.m.

CVE-2021-43940

2022-02-15 03:15:09
CWE-427
atlassian
www.cve.org
cve-2021-43940
atlassian confluence
dll hijacking
windows
elevated privileges

AI Score

7.6

Confidence

High

EPSS

0.001

Percentile

24.8%

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

CNA Affected

[
  {
    "product": "Confluence Server",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "7.4.10",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "7.5.0",
        "versionType": "custom"
      },
      {
        "lessThan": "7.12.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Confluence Data Center",
    "vendor": "Atlassian",
    "versions": [
      {
        "lessThan": "7.4.10",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "7.5.0",
        "versionType": "custom"
      },
      {
        "lessThan": "7.12.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
