Lucene search
K

517 matches found

Atlassian
Atlassian
added 2024/06/07 4:11 a.m.42 views

SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server

This High severity org.springframework:spring-web Dependency vulnerability was introduced in versions 1.0 of Confluence Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N...

8.1CVSS7.9AI score0.03967EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2024/05/24 12:0 a.m.8 views

The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center’s date processing system, related to errors in handling input data, allows a perpetrator to execute arbitrary code.

The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center are related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

9CVSS7.8AI score0.88267EPSS
Exploits9References3Affected Software2
VulnCheck KEV
VulnCheck KEV
added 2024/05/23 12:0 a.m.4 views

VulnCheck KEV: CVE-2024-21683

This High severity RCE Remote Code Execution vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 8.3, allows an authenticated attacker to execute arbitrary code which has high impact to...

8.8CVSS7.6AI score0.88267EPSS
Exploits9References1
OSV
OSV
added 2024/05/21 11:15 p.m.0 views

CVE-2024-21683

This High severity RCE Remote Code Execution vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE Remote Code Execution vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentialit...

8.8CVSS6.1AI score0.88267EPSS
Exploits9References2
CVE
CVE
added 2024/05/21 11:0 p.m.487 views

CVE-2024-21683

CVE-2024-21683 is an authenticated Remote Code Execution in Atlassian Confluence Data Center and Server. The issue arises from the Rhino script engine parsing tainted data in uploaded text/files, allowing an attacker with necessary privileges (e.g., admin) to execute arbitrary host code. Affected...

8.8CVSS8.8AI score0.88267EPSS
In wildExploits9References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/21 12:0 a.m.4 views

PT-2024-3665 · Atlassian · Confluence

Name of the Vulnerable Software and Affected Versions: Confluence Data Center and Server versions 5.2 through 8.9.0 Confluence Data Center versions 8.8.0 through 8.8.1 Confluence Data Center versions 8.7.0 through 8.7.2 Confluence Data Center versions 8.6.0 through 8.6.2 Confluence Data Center...

9CVSS8.9AI score0.88267EPSS
Exploits9References55
Atlassian
Atlassian
added 2024/05/16 4:11 a.m.48 views

SQLi (SQL Injection) org.postgresql:postgresql Dependency in Confluence Data Center and Server

This Critical severity org.postgresql:postgresql Dependency vulnerability was introduced in versions 6.0.1 of Confluence Data Center and Server. Confluence Data Center is unaffected by this vulnerability as it does not use the PreferQueryMode=SIMPLE parameter required for this vulnerability in it...

10CVSS9.7AI score0.0481EPSS
Exploits0
Atlassian
Atlassian
added 2024/04/04 5:45 a.m.40 views

DoS (Denial of Service) software.amazon.ion:ion-java Dependency in Confluence Data Center and Server

This High severity software.amazon.ion:ion-java Dependency vulnerability was introduced in versions 5.6 of Confluence Data Center and Server. This software.amazon.ion:ion-java Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...

7.5CVSS7.6AI score0.0082EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/03/22 12:0 a.m.6 views

The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center involves the possibility of bypassing access-controlled directories, allowing attackers to influence the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center involves the possibility of bypassing access-controlled directories. Exploiting this vulnerability allows a malicious actor to influence the confidentiality, integrity, and accessibility of protected...

8.3CVSS7.4AI score0.00926EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/03/19 12:0 a.m.2 views

Atlassian Confluence Server Security Vulnerability

Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise WiKi. A security vulnerability exists in Atlassian Confluence Data Center and Server 6.13.0 that stems...

8.8CVSS6.9AI score0.00926EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/17 12:0 a.m.2 views

PT-2024-2437 · Atlassian +3 · Confluence +3

Name of the Vulnerable Software and Affected Versions: Apache Commons Configuration versions 2.0 through 2.10.0 Confluence Data Center and Server versions prior to 8.9.1 Confluence Data Center versions 8.8.0 through 8.8.1 Confluence Data Center versions 8.7.0 through 8.7.2 Confluence Data Center...

10CVSS6.4AI score0.02054EPSS
Exploits0References48
Atlassian
Atlassian
added 2024/03/07 2:45 a.m.51 views

DoS (Denial of Service) org.eclipse.jetty:jetty-http Dependency in Confluence Data Center and Server

This High severity org.eclipse.jetty:jetty-http Dependency vulnerability was introduced in versions 5.3 of Confluence Data Center and Server. This org.eclipse.jetty:jetty-http Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allo...

7.5CVSS7.3AI score0.03754EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2024/02/28 12:0 a.m.32 views

Atlassian Confluence 6.0.1 < 7.19.18 / 7.20.x < 8.5.5 / 8.6.x < 8.7.2 / 8.8.0 (CONFSERVER-94110)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-94110 advisory. - A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack ...

7.5CVSS7.1AI score0.009EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/02/22 12:0 a.m.5 views

The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center’s date center, related to the lack of protective measures for the website structure, allows attackers to execute arbitrary code.

The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

8.5CVSS7.9AI score0.00471EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2024/02/20 6:15 p.m.19 views

CVE-2024-21678

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...

8.5CVSS8.2AI score0.00471EPSS
Exploits0References2
OSV
OSV
added 2024/02/20 6:15 p.m.3 views

CVE-2024-21678

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...

8.5CVSS7.6AI score0.00471EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.2 views

PT-2024-1778 · Atlassian · Confluence

Name of the Vulnerable Software and Affected Versions: Confluence Data Center versions 2.7.0 through 8.7.1 Confluence Data Center versions 8.6.0 through 8.6.1 Confluence Data Center versions 8.5.0 through 8.5.4 LTS Confluence Data Center versions 8.4.0 through 8.4.5 Confluence Data Center version...

8.5CVSS8.1AI score0.00471EPSS
Exploits0References19
Atlassian
Atlassian
added 2024/02/14 8:46 p.m.53 views

com.google.guava:guava Dependency in Confluence Data Center and Server

This High severity com.google.guava:guava Dependency vulnerability was introduced in versions 4.0 of Confluence Data Center and Server. This com.google.guava:guava Dependency vulnerability, with a CVSS Score of 7.1 and a CVSS Vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N allows an...

7.1CVSS7.7AI score0.00248EPSS
Exploits0
Atlassian
Atlassian
added 2024/01/31 6:46 a.m.52 views

DoS (Denial of Service) org.json:json Dependency in Confluence Data Center and Server

This High severity org.json:json Dependency vulnerability was introduced in versions 3.0 of Confluence Data Center and Server. This org.json:json Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker...

7.5CVSS7.1AI score0.01449EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2024/01/25 12:0 a.m.6 views

The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center’s date center, related to insufficient validation of input data, allows attackers to disclose protected information.

The vulnerability of the Atlassian Confluence Server web server and the Confluence Data Center are related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

8.6CVSS7.5AI score0.01768EPSS
Exploits0References4Affected Software2
Rows per page
Query Builder