Lucene search
+L

Atlassian Jira Service Management Data Center and Server 10.3.13 < 10.3.16 / 11.2.x < 11.2.1 (JSDSERVER-16459)

🗓️ 05 Feb 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 3 Views

Jira Service Management Data Center and Server before 10.3.16 or 11.2.1 are vulnerable to CVE-2021-3807; upgrade.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM QRadar Deployment Intelligence app for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
24 May 202218:37
ibm
IBM Security Bulletins
Security Bulletin: Security Vulnerabilities in moment, ansi-regex, Node.js, and minimatch may affect IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management (CVE-2022-31129, CVE-2022-24785, CVE-2021-3807, CVE-2022-29244, CVE-2022-3517)
17 Mar 202309:26
ibm
IBM Security Bulletins
Security Bulletin: IBM Integration Bus is vulnerable to denial of service due to ansi-regex module (CVE-2021-3807)
4 Jul 202216:16
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in Node.js, OpenSSL, trim, and Chalk ansi-regex module might affect IBM Storage Defender – Data Protect
31 Oct 202316:13
ibm
IBM Security Bulletins
Security Bulletin: IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities
30 Mar 202316:06
ibm
IBM Security Bulletins
Security Bulletin: IBM Cognos Analytics has addressed multiple vulnerabilities
15 Jul 202516:38
ibm
IBM Security Bulletins
Security Bulletin: IBM QRadar Use Case Manager app is vulnerable to using components with known vulnerabilities
20 Apr 202214:01
ibm
IBM Security Bulletins
Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
18 Oct 202213:51
ibm
IBM Security Bulletins
Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
31 May 202214:57
ibm
IBM Security Bulletins
Security Bulletin: Open Source Dependency Vulnerability
15 May 202318:01
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(298006);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/05");

  script_cve_id("CVE-2021-3807");

  script_name(english:"Atlassian Jira Service Management Data Center and Server 10.3.13 < 10.3.16 / 11.2.x < 11.2.1 (JSDSERVER-16459)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Atlassian Jira Service Management Data Center and Server (Jira Service Desk) host is missing a security
update.");
  script_set_attribute(attribute:"description", value:
"The version of Atlassian Jira Service Management Data Center and Server (Jira Service Desk) running on the remote host
is affected by a vulnerability as referenced in the JSDSERVER-16459 advisory.

  - ansi-regex is vulnerable to Inefficient Regular Expression Complexity (CVE-2021-3807)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://jira.atlassian.com/browse/JSDSERVER-16459");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Atlassian Jira Service Management Data Center and Server version 10.3.16, 11.2.1 or later.");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3807");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/17");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/12/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/02/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:atlassian:jira_service_desk");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("os_fingerprint.nasl", "jira_service_desk_installed_win.nbin", "jira_service_desk_installed_nix.nbin");
  script_require_keys("installed_sw/JIRA Service Desk Application");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::combined_get_app_info(app:'JIRA Service Desk Application');

var constraints = [
  { 'min_version' : '10.3.13', 'fixed_version' : '10.3.16' },
  { 'min_version' : '11.2.0', 'fixed_version' : '11.2.1' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE
);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

05 Feb 2026 00:00Current
5.5Medium risk
Vulners AI Score5.5
CVSS 3.17.5
CVSS 27.8
CVSS 37.5
EPSS0.03552
3