Lucene search
HistoryMay 22, 2012 - 3:55 p.m.
CVE-2012-2927
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
8.6
Confidence
High
EPSS
0.004
Percentile
73.8%
The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote authenticated users to cause a denial of service (resource consumption) via unspecified vectors.
Affected configurations
Node
tm_softwaretempoRange≤6.4.3
ORtm_softwaretempoMatch2.2
ORtm_softwaretempoMatch2.3
ORtm_softwaretempoMatch2.3.1
ORtm_softwaretempoMatch2.4.1
ORtm_softwaretempoMatch2.5.1
ORtm_softwaretempoMatch2.6.1
ORtm_softwaretempoMatch2.7.1
ORtm_softwaretempoMatch2.8.1
ORtm_softwaretempoMatch4.0
ORtm_softwaretempoMatch4.0.1
ORtm_softwaretempoMatch4.1
ORtm_softwaretempoMatch4.2
ORtm_softwaretempoMatch4.3
ORtm_softwaretempoMatch4.4
ORtm_softwaretempoMatch4.4.2
ORtm_softwaretempoMatch4.5
ORtm_softwaretempoMatch4.5.2
ORtm_softwaretempoMatch5.0
ORtm_softwaretempoMatch5.1
ORtm_softwaretempoMatch5.1.1
ORtm_softwaretempoMatch5.2
ORtm_softwaretempoMatch5.2.1
ORtm_softwaretempoMatch5.2.2
ORtm_softwaretempoMatch5.2.3
ORtm_softwaretempoMatch5.3
ORtm_softwaretempoMatch5.3.1
ORtm_softwaretempoMatch5.3.2
ORtm_softwaretempoMatch5.3.3
ORtm_softwaretempoMatch5.3.3.1
ORtm_softwaretempoMatch5.4
ORtm_softwaretempoMatch5.4.1
ORtm_softwaretempoMatch5.4.2
ORtm_softwaretempoMatch6.0.0
ORtm_softwaretempoMatch6.0.1
ORtm_softwaretempoMatch6.0.2
ORtm_softwaretempoMatch6.0.3
ORtm_softwaretempoMatch6.1.0
ORtm_softwaretempoMatch6.1.1jira42
ORtm_softwaretempoMatch6.2.0
ORtm_softwaretempoMatch6.2.1-jira42
ORtm_softwaretempoMatch6.2.2jira42
ORtm_softwaretempoMatch6.2.3jira42
ORtm_softwaretempoMatch6.2.4jira42
ORtm_softwaretempoMatch6.2.5jira42
ORtm_softwaretempoMatch6.2.6jira42
ORtm_softwaretempoMatch6.2.7jira42
ORtm_softwaretempoMatch6.3.1jira42
ORtm_softwaretempoMatch6.4jira42
ORtm_softwaretempoMatch6.4.2
ORtm_softwaretempoMatch6.5
ORtm_softwaretempoMatch7.0
ORtm_softwaretempoMatch7.0.0rc1
ORtm_softwaretempoMatch7.0.0rc2
ORtm_softwaretempoMatch7.0.2
ORtm_softwaretempo6.3.0Matchjira42
ORtm_softwaretempo6.3.2Matchjira42
atlassianjiraMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| tm_software | tempo | * | cpe:2.3:a:tm_software:tempo:*:*:*:*:*:*:*:* |
| tm_software | tempo | 2.2 | cpe:2.3:a:tm_software:tempo:2.2:*:*:*:*:*:*:* |
| tm_software | tempo | 2.3 | cpe:2.3:a:tm_software:tempo:2.3:*:*:*:*:*:*:* |
| tm_software | tempo | 2.3.1 | cpe:2.3:a:tm_software:tempo:2.3.1:*:*:*:*:*:*:* |
| tm_software | tempo | 2.4.1 | cpe:2.3:a:tm_software:tempo:2.4.1:*:*:*:*:*:*:* |
| tm_software | tempo | 2.5.1 | cpe:2.3:a:tm_software:tempo:2.5.1:*:*:*:*:*:*:* |
| tm_software | tempo | 2.6.1 | cpe:2.3:a:tm_software:tempo:2.6.1:*:*:*:*:*:*:* |
| tm_software | tempo | 2.7.1 | cpe:2.3:a:tm_software:tempo:2.7.1:*:*:*:*:*:*:* |
| tm_software | tempo | 2.8.1 | cpe:2.3:a:tm_software:tempo:2.8.1:*:*:*:*:*:*:* |
| tm_software | tempo | 4.0 | cpe:2.3:a:tm_software:tempo:4.0:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2012-05-22 15:55:00
cvelist
cvelist
CVE-2012-2927
2012-05-22 15:00:00
cve
cve
CVE-2012-2927
2012-05-22 15:55:02
nessus
nessus
Atlassian JIRA < 5.0.1 XML Parsing DoS
2012-06-01 00:00:00
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
AI Score
8.6
Confidence
High
EPSS
0.004
Percentile
73.8%
Related for NVD:CVE-2012-2927