Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Atlassian have revealed the existence of several security vulnerabilities, namely CVE-2022-25647, CVE-2023-22512, CVE-2023-22513, and CVE-2023-28709, which affect their products. These vulnerabilities have the potential to be exploited, leading to denial-of-service (DoS) attacks and remote code execution. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.

thn 1

prion 4

cve 4

nessus 50

atlassian 11

kaspersky 2

cnvd 1

cgr 2

veracode 2

f5 2

osv 12

ibm 40

debian 4

openvas 15

ubuntucve 2

alpinelinux 1

debiancve 2

redhatcve 2

broadcom 2

ubuntu 1

wolfi 1

github 2

suse 1

mageia 2

amazon 2

photon 3

tomcat 4

redhat 14

almalinux 2

oraclelinux 2

gentoo 1

ics 1

oracle 4

thn

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server

2023-09-22 08:00:00

prion

Remote code execution

2023-09-19 17:15:00

Design/Logic Flaw

2024-01-16 18:15:00

Deserialization of untrusted data

2022-05-01 16:15:00

cve

CVE-2023-22513

2023-09-19 17:15:08

CVE-2023-22512

2024-01-16 18:15:09

CVE-2022-25647

2022-05-01 16:15:00

nessus

Atlassian Confluence < 7.19.14 / 8.5.x < 8.5.1 (CONFSERVER-91258)

2023-09-21 00:00:00

Apache Tomcat 11.0.0.M2 < 11.0.0.M5 DoS

2023-05-24 00:00:00

Debian DLA-3100-1 : libgoogle-gson-java - LTS security update

2022-09-07 00:00:00

atlassian

RCE (Remote Code Execution) in Bitbucket Data Center and Server

2023-09-12 19:14:38

Apache Tomcat CVE-2023-28709

2023-06-09 01:54:09

com.google.code.gson Vulnerability in Bitbucket Data Center and Server

2023-10-04 19:45:55

kaspersky

KLA49273 DoS vulnerability in Apache Tomcat

2023-04-18 00:00:00

KLA49274 DoS vulnerability in Apache Tomcat

2023-04-19 00:00:00

cnvd

Apache Tomcat Denial of Service Vulnerability (CNVD-2023-42970)

2023-05-28 00:00:00

cgr

CVE-2023-28709 vulnerabilities

2024-04-27 03:20:18

CVE-2022-25647 vulnerabilities

2024-04-27 03:20:18

veracode

Denial Of Service (DoS)

2023-05-24 05:01:05

Denial Of Service (DoS)

2022-05-04 14:43:44

K00994461 : GSON vulnerability CVE-2022-25647

2022-08-29 00:00:00

K000135262 : Apache Tomcat vulnerability CVE-2023-28709

2023-06-29 00:00:00

osv

libgoogle-gson-java vulnerability

2024-03-12 15:54:06

Deserialization of Untrusted Data in Gson

2022-05-03 00:00:44

CVE-2022-25647

2022-05-01 16:15:08

ibm

Security Bulletin: IBM Security Guardium is affected by a denial of service vulnerability (CVE-2022-25647)

2023-01-18 22:01:26

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Google Gson denial of service vulnerabilities ( CVE-2022-25647, ID217225)

2022-12-07 20:24:18

Security Bulletin: Vulnerability in Google gson 2.2.4 libraries (CVE-2022-25647) affects IBM Operations Analytics Predictive Insights

2023-07-21 15:38:42

debian

[SECURITY] [DSA 5227-1] libgoogle-gson-java security update

2022-09-07 10:22:18

[SECURITY] [DLA 3100-1] libgoogle-gson-java security update

2022-09-07 09:14:24

[SECURITY] [DLA 3001-1] libgoogle-gson-java security update

2022-05-13 21:45:43

openvas

Debian: Security Advisory (DLA-3001-1)

2022-05-14 00:00:00

Ubuntu: Security Advisory (USN-6692-1)

2024-03-13 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:2044-1)

2022-06-13 00:00:00

ubuntucve

CVE-2022-25647

2022-05-01 00:00:00

CVE-2023-28709

2023-05-22 00:00:00

alpinelinux

CVE-2022-25647

2022-05-01 16:15:00

debiancve

CVE-2022-25647

2022-05-01 16:15:00

CVE-2023-28709

2023-05-22 11:15:09

redhatcve

CVE-2022-25647

2022-05-02 07:38:06

CVE-2023-28709

2023-05-26 17:11:03

broadcom

The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization

2023-08-29 00:00:00

Oracle Java SE Multiple Vulnerabilities (July 2022 CPU update) CVE-2022-21540 CVE-2022-21541 CVE-2022-21549 CVE-2022-25647 CVE-2022-34169

2023-08-29 00:00:00

ubuntu

Gson vulnerability

2024-03-12 00:00:00

wolfi

CVE-2022-25647 vulnerabilities

2024-04-27 03:16:47

github

Deserialization of Untrusted Data in Gson

2022-05-03 00:00:44

Apache Tomcat - Fix for CVE-2023-24998 was incomplete

2023-07-06 21:14:59

suse

Security update for google-gson (important)

2022-06-10 00:00:00

mageia

Updated google-gson packages fix security vulnerability

2022-09-21 21:15:27

Updated tomcat packages fix security vulnerability

2023-05-31 09:41:32

amazon

Important: tomcat

2024-04-11 01:07:00

Important: tomcat8

2023-07-05 21:44:00

photon

Important Photon OS Security Update - PHSA-2023-4.0-0411

2023-06-16 00:00:00

Important Photon OS Security Update - PHSA-2023-5.0-0030

2023-06-16 00:00:00

Critical Photon OS Security Update - PHSA-2023-3.0-0599

2023-06-17 00:00:00

tomcat

Fixed in Apache Tomcat 9.0.74

2023-04-18 00:00:00

Fixed in Apache Tomcat 8.5.88

2023-04-19 00:00:00

Fixed in Apache Tomcat 10.1.8

2023-04-19 00:00:00

redhat

(RHSA-2022:5029) Moderate: Red Hat build of Eclipse Vert.x 4.2.7 security update

2022-06-23 10:38:34

(RHSA-2023:7065) Moderate: tomcat security and bug fix update

2023-11-14 08:44:23

(RHSA-2023:6570) Moderate: tomcat security and bug fix update

2023-11-07 06:08:48

almalinux

Moderate: tomcat security and bug fix update

2023-11-14 00:00:00

Moderate: tomcat security and bug fix update

2023-11-07 00:00:00

oraclelinux

tomcat security and bug fix update

2023-11-17 00:00:00

tomcat security and bug fix update

2023-11-11 00:00:00

gentoo

Apache Tomcat: Multiple Vulnerabilities

2023-05-30 00:00:00

ics

Siemens SINEC NMS

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

70.7%

JSON

Related for HIVEPRO:6447122B5EA2A5B40445A46A664EF345