Lucene search
K

310 matches found

BDU FSTEC
BDU FSTEC
added 2024/12/05 12:0 a.m.4 views

The vulnerability of the confluence-cfg.xml configuration file in the Confluence Data Center for Windows operating systems allows a perpetrator to increase their privileges and gain unauthorized access to protected information.

The vulnerability of the confluence-cfg.xml configuration file in Confluence Data Center operating systems for Windows is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability can allow attackers to enhance their privileges and gain unauthorized...

6.4CVSS5.5AI score0.00202EPSS
Exploits0References2Affected Software1
Atlassian
Atlassian
added 2024/12/04 1:18 a.m.23 views

RCE (Remote Code Execution) org.apache.avro:avro Dependency in Confluence Data Center and Server

This High severity org.apache.avro:avro Dependency vulnerability was introduced in versions 6.5 of Confluence Data Center and Server. This org.apache.avro:avro Dependency vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L allows an...

9.2CVSS7.5AI score0.03278EPSS
Exploits0
Atlassian
Atlassian
added 2024/11/29 5:45 p.m.25 views

com.hazelcast:hazelcast Dependency in Confluence Data Center and Server

This High severity com.hazelcast:hazelcast Dependency vulnerability was introduced in versions 3.7 of Confluence Data Center and Server. This com.hazelcast:hazelcast Dependency vulnerability, with a CVSS Score of 7.6 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L allows an...

7.6CVSS6.5AI score0.00503EPSS
Exploits0
NVD
NVD
added 2024/11/27 5:15 p.m.29 views

CVE-2024-21703

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitiv...

6.4CVSS0.00202EPSS
Exploits0References1
OSV
OSV
added 2024/11/27 5:15 p.m.6 views

CVE-2024-21703

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitiv...

6.4CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added 2024/11/27 5:0 p.m.33 views

CVE-2024-21703

This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitiv...

0.00202EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/27 12:0 a.m.4 views

Atlassian Confluence Data Center and Server 安全漏洞

Atlassian Confluence Data Center and Server is a data center from Atlassian Australia. A security vulnerability exists in Atlassian Confluence Data Center and Server that stems from the fact that the confluence.cfg.xml file is readable by default by users in the BUILTIN/Users group...

6.4CVSS6.7AI score0.00202EPSS
Exploits0References1
Atlassian
Atlassian
added 2024/11/21 10:54 p.m.30 views

org.apache.commons:commons-compress Dependency in Confluence Data Center and Server

This High severity org.apache.commons:commons-compress Dependency vulnerability was introduced in versions 7.14 of Confluence Data Center and Server. This org.apache.commons:commons-compress Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of...

8.1CVSS6.7AI score0.00441EPSS
Exploits0
Atlassian
Atlassian
added 2024/11/13 6:59 a.m.39 views

CVE-2024-38819: Path traversal vulnerability in org.springframework:spring-webmvc used by Confluence Data Center

h3. Issue Summary Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the...

7.5CVSS6.6AI score0.54862EPSS
Exploits6
Atlassian
Atlassian
added 2024/11/06 6:11 a.m.35 views

Path Traversal org.springframework:spring-webmvc Dependency in Confluence Data Center and Server

This High severity org.springframework:spring-webmvc Dependency vulnerability was introduced in versions 3.0 of Confluence Data Center and Server. This org.springframework:spring-webmvc Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS7.1AI score0.14718EPSS
Exploits1
Atlassian
Atlassian
added 2024/11/05 7:11 p.m.24 views

DoS (Denial of Service) org.bouncycastle:bcprov-jdk18on Dependency in Confluence Data Center and Server

This High severity org.bouncycastle:bcprov-jdk18on Dependency vulnerability was introduced in versions 3.7 of Confluence Data Center and Server. This org.bouncycastle:bcprov-jdk18on Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...

7.5CVSS7.2AI score0.00753EPSS
Exploits0
Atlassian
Atlassian
added 2024/11/04 11:11 p.m.32 views

DoS (Denial of Service) org.apache.tomcat:tomcat-coyote Dependency in Confluence Data Center and Server

This High severity org.apache.tomcat:tomcat-coyote Dependency vulnerability was introduced in versions 6.5 of Confluence Data Center and Server. This org.apache.tomcat:tomcat-coyote Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:...

7.5CVSS7.3AI score0.23072EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2024/11/01 12:0 a.m.6 views

PT-2024-9090 · Microsoft +1 · Windows +2

Name of the Vulnerable Software and Affected Versions: Confluence Data Center and Server version 8.8.1 Confluence Data Center and Server versions prior to 7.19.18 Confluence Data Center and Server versions prior to 8.5.5 Confluence Data Center and Server versions prior to 8.7.2 Confluence Data...

6.4CVSS5.9AI score0.00202EPSS
Exploits0References7
Atlassian
Atlassian
added 2024/10/23 4:58 a.m.23 views

Prototype Pollution json5 Dependency in Confluence Data Center

This High severity json5 Dependency vulnerability was introduced in versions 5.9 of Confluence Data Center. This json5 Dependency vulnerability, with a CVSS Score of 7.1, allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to...

8.8CVSS6.3AI score0.09304EPSS
Exploits1
Atlassian
Atlassian
added 2024/10/23 4:58 a.m.22 views

DoS (Denial of Service) minimatch Dependency in Confluence Data Center

This High severity minimatch Dependency vulnerability was introduced in versions 7.19.0 of Confluence Data Center. This minimatch Dependency vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has no...

7.5CVSS6.8AI score0.01674EPSS
Exploits0
Atlassian
Atlassian
added 2024/10/23 4:58 a.m.28 views

DoS (Denial of Service) braces Dependency in Confluence Data Center

This High severity braces Dependency vulnerability was introduced in versions 7.11 of Confluence Data Center. This braces Dependency vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has no impact to...

7.5CVSS7.1AI score0.01471EPSS
Exploits1
Atlassian
Atlassian
added 2024/10/10 8:18 p.m.35 views

Stored XSS in Confluence Data Center and Server

This High severity Stored XSS vulnerability was introduced in version 3.0 of Confluence Data Center and Server. This Stored XSS vulnerability, with a CVSS Score of 8.1, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...

8.8CVSS9.1AI score0.72648EPSS
Exploits15
Atlassian
Atlassian
added 2024/09/20 8:48 a.m.27 views

DoS (Denial of Service) decode-uri-component Dependency in Confluence Data Center

This High severity decode-uri-component Dependency vulnerability was introduced in version 7.0.1 of Confluence Data Center. This decode-uri-component Dependency vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to expose assets in your environment susceptible to...

7.5CVSS7.1AI score0.24928EPSS
Exploits1
Atlassian
Atlassian
added 2024/09/20 8:47 a.m.33 views

BASM (Broken Authentication & Session Management) browserify-sign Dependency in Confluence Data Center

This High severity BASM Broken Authentication & Session Management vulnerability was introduced in version 7.11 of Confluence Data Center. This BASM Broken Authentication & Session Management vulnerability, with a CVSS Score of 7.5, allows an unauthenticated attacker to exploit a cryptographic...

7.5CVSS7.1AI score0.00508EPSS
Exploits0
Atlassian
Atlassian
added 2024/08/28 4:11 p.m.33 views

DoS (Denial of Service) org.apache.commons:commons-configuration2 Dependency in Confluence Data Center and Server

This High severity org.apache.commons:commons-configuration2 Dependency vulnerability was introduced in versions 6.0 of Confluence Data Center and Server. This org.apache.commons:commons-configuration2 Dependency vulnerability, with a CVSS Score of 7.3 and a CVSS Vector of...

7.3CVSS7.7AI score0.02054EPSS
Exploits0
Rows per page
Query Builder