Lucene search

102 matches found

Prion
added 2022/03/30 10:15 p.m. · 12 views

Design/Logic Flaw

The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file...

CVSS 6.5 · AI score 6.8 · EPSS 0.00941
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2022/03/30 9:52 p.m. · 72 views

CVE-2021-33208

CVE-2021-33208 – MashZone NextGen: Affected product is MashZone NextGen (through 10.7 GA; earlier versions implied by “through 10.7 GA”). The vulnerability is in the admin feature Register an Ehcache Configuration File, caused by an XML external entity (XXE) flaw in processing a malicious XML c...

CVSS 7.2 · AI score 6.8 · EPSS 0.00941
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2022/03/30 12:0 a.m. · 1 views

Software AG MashZone NextGen Code Issue Vulnerability

Software AG MashZone NextGen is a software from Software AG, Germany. It is used to visualize data interactively. A security vulnerability exists in Software AG MashZone NextGen version 10.7 and earlier versions, which stems from the "Register an Ehcache Configuration File" administrative feature...

CVSS 7.2 · AI score 7.1 · EPSS 0.00941
Exploits: 0 · References: 3

OSV
added 2021/07/29 11:15 a.m. · 0 views

CVE-2020-36239

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17....

CVSS 9.8 · AI score 7.5
Exploits: 0 · References: 3

NVD
added 2021/07/29 11:15 a.m. · 22 views

CVE-2020-36239

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17....

CVSS 9.8 · EPSS 0.16173
Exploits: 1 · References: 3

Prion
added 2021/07/29 11:15 a.m. · 24 views

Deserialization of untrusted data

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17....

CVSS 7.5 · AI score 9.7 · EPSS 0.16173
Exploits: 1 · References: 3 · Affected Software: 3

Vulnrichment
added 2021/07/29 10:12 a.m. · 17 views

CVE-2020-36239

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17....

AI score 9.8 · EPSS 0.16173
Exploits: 1 · References: 3

CVE
added 2021/07/29 10:12 a.m. · 94 views

CVE-2020-36239

CVE-2020-36239 affects Jira Data Center, Jira Core Data Center, Jira Software Data Center (versions prior to 8.5.16 for 6.3.0 line, prior to 8.13.8 for 8.6.0 line, prior to 8.17.0 for 8.14.0 line) and Jira Service Management Data Center (prior to 4.5.16 for 2.0.2 line, prior to 4.13.8 for 4.6.0 l...

CVSS 9.8 · AI score 9.7 · EPSS 0.16173
Exploits: 1 · References: 3 · Affected Software: 3

Cvelist
added 2021/07/29 10:12 a.m. · 22 views

CVE-2020-36239

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17....

AI score 9.8 · EPSS 0.16173
Exploits: 1 · References: 3

CNNVD
added 2021/07/24 12:0 a.m. · 2 views

Atlassian JIRA Data Center Access Control Error Vulnerability

Atlassian JIRA Data Center is the data center version of Atlassian JIRA from Atlassian Australia. An Access Control Error vulnerability exists in Jira Data Center due to a lack of authentication in the Ehcache RMI web service that listens on ports 40001 TCP and 40011 TCP. A remote, unauthenticated...

CVSS 9.8 · AI score 8.9 · EPSS 0.16173
Exploits: 1 · References: 7

seebug.org
added 2021/07/23 12:0 a.m. · 400 views

Ehcache RMI Remote Code Execution Vulnerability (CVE-2020-36239)

...

AI score 0.9 · EPSS 0.16173
Exploits: 1

ThreatPost
added 2021/07/22 8:52 p.m. · 117 views

Critical Jira Flaw in Atlassian Could Lead to RCE

Atlassian has dropped a patch for a critical vulnerability in many versions of its Jira Data Center and Jira Service Management Data Center products, which can lead to arbitrary code execution. Atlassian is a platform that’s used by 180,000 customers to engineer software and manage projects, and...

CVSS 9.8 · AI score 10 · EPSS 0.16173
Exploits: 1 · References: 9

Positive Technologies
added 2021/07/22 12:0 a.m. · 1 views

PT-2021-3747 · Terracotta +1 · Ehcache +3

Name of the Vulnerable Software and Affected Versions: Jira Data Center versions 6.3.0 through 8.5.16; Jira Data Center versions 8.6.0 through 8.13.8; Jira Data Center versions 8.14.0 through 8.17.0; Jira Core Data Center versions 6.3.0 through 8.5.16; Jira Core Data Center versions 8.6.0 through...

CVSS 9.8 · AI score 9.8 · EPSS 0.16173
Exploits: 1 · References: 18

ATTACKERKB
added 2021/07/21 12:0 a.m. · 57 views

CVE-2020-36239

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17....

CVSS 7.5 · AI score 3.2 · EPSS 0.16173
Exploits: 1 · References: 4

RedhatCVE
added 2021/07/18 12:18 a.m. · 37 views

CVE-2019-14379

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache and logback JNDI gadgets when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLAS...

CVSS 9.8 · AI score 1.7 · EPSS 0.01467
Exploits: 0 · References: 3

Atlassian
added 2021/07/09 5:44 a.m. · 43 views

Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239

Issue Summary: Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed an Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...

CVSS 9.8 · AI score 2.3 · EPSS 0.16173
Exploits: 1

Atlassian
added 2021/07/09 5:44 a.m. · 55 views

Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239

Issue Summary: Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed an Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...

CVSS 9.8 · AI score 2.3 · EPSS 0.16173
Exploits: 1 · Affected Software: 1

Atlassian
added 2021/06/30 3:9 a.m. · 49 views

Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239

Issue Summary: Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed an Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...

CVSS 9.8 · AI score 9.6 · EPSS 0.16173
Exploits: 1

Atlassian
added 2021/06/30 3:9 a.m. · 62 views

Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239

Issue Summary: Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed an Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...

CVSS 9.8 · AI score 2.3 · EPSS 0.16173
Exploits: 1 · Affected Software: 1

RedHat Linux
added 2020/07/30 8:22 p.m. · 3 views

jackson-databind: lacks certain net.sf.ehcache blocking

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the ehcache gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLA...

CVSS 9.8 · AI score 7.3 · EPSS 0.01914
Exploits: 0 · References: 4