ID SECURITYVULNS:DOC:20409 Type securityvulns Reporter Securityvulns Modified 2008-08-26T00:00:00
Description
ZoneMinder Multiple Vulnerabilities
by Filip Palian <filip (dot) palian (at) pjwstk (dot) edu (dot) pl>
Software affected: ZoneMinder <= 1.23.3
Severity: Critical
Description (from the vendor site):
ZoneMinder is an integrated set of applications which provide a complete surveillance solution
allowing capture, analysis, recording and monitoring of any CCTV or security cameras attached to a
Linux based machine.
Overview:
ZoneMinder is prone to Command Injection, SQL Injcetion and XSS. All attacks are possible because of
lack of user input sanitizing.
I. Command Injection
In the "zm_html_view_events.php" function executeFilter() doesn't validate user input.
In the "zm_html_view_state.php" parameter "run_state" is not validated.
II. SQL Injcetion
In the "zm_html_view_event.php" array "filter" is not validated.
III .XSS
In the "zm_html_view_*.php" multiple XSS exists.
Status:
At the moment no fixes were provided by the vendor. As a workaround restricted access to
authenticated users only and granting the lowest privileges is suggested.
Disclousre timeline:
18 VI 2008 Vulerability sent to the vendor.
18 VI 2008 Initial vendor response.
26 VIII 2008 Security bulletin released.
Link:
http://www.zoneminder.com/
Best regards,
Filip Palian.
{"id": "SECURITYVULNS:DOC:20409", "bulletinFamily": "software", "title": "ZoneMinder Multiple Vulnerabilities", "description": "ZoneMinder Multiple Vulnerabilities\r\n\r\nby Filip Palian <filip (dot) palian (at) pjwstk (dot) edu (dot) pl>\r\n\r\nSoftware affected: ZoneMinder <= 1.23.3\r\n\r\nSeverity: Critical\r\n\r\n\r\nDescription (from the vendor site):\r\nZoneMinder is an integrated set of applications which provide a complete surveillance solution\r\nallowing capture, analysis, recording and monitoring of any CCTV or security cameras attached to a\r\nLinux based machine.\r\n\r\n\r\nOverview:\r\nZoneMinder is prone to Command Injection, SQL Injcetion and XSS. All attacks are possible because of\r\nlack of user input sanitizing.\r\n\r\nI. Command Injection\r\nIn the "zm_html_view_events.php" function executeFilter() doesn't validate user input.\r\nIn the "zm_html_view_state.php" parameter "run_state" is not validated.\r\n\r\nII. SQL Injcetion\r\nIn the "zm_html_view_event.php" array "filter" is not validated.\r\n\r\nIII .XSS\r\nIn the "zm_html_view_*.php" multiple XSS exists.\r\n\r\n\r\nStatus:\r\nAt the moment no fixes were provided by the vendor. As a workaround restricted access to\r\nauthenticated users only and granting the lowest privileges is suggested.\r\n\r\n\r\nDisclousre timeline:\r\n18 VI 2008 Vulerability sent to the vendor.\r\n18 VI 2008 Initial vendor response.\r\n26 VIII 2008 Security bulletin released.\r\n\r\n\r\nLink:\r\nhttp://www.zoneminder.com/\r\n\r\n\r\nBest regards,\r\nFilip Palian.", "published": "2008-08-26T00:00:00", "modified": "2008-08-26T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20409", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:27", "edition": 1, "viewCount": 23, "enchantments": {"score": {"value": 1.0, "vector": "NONE", "modified": "2018-08-31T11:10:27", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB953331", "KB2874216", "KB980408", "KB3191913", "KB981401", "KB2510690", "KB317244", "KB2501721", "KB2785908", "KB2526297"]}], "modified": "2018-08-31T11:10:27", "rev": 2}, "vulnersScore": 1.0}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}
{"cve": [{"id": "CVE-2021-20409", "bulletinFamily": "NVD", "title": "CVE-2021-20409", "description": "IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 198188.", "published": "2021-02-12T17:15:00", "modified": "2021-02-12T18:39:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20409", "reporter": "psirt@us.ibm.com", "references": ["https://www.ibm.com/support/pages/node/6414771", "https://exchange.xforce.ibmcloud.com/vulnerabilities/196188"], "cvelist": ["CVE-2021-20409"], "type": "cve", "lastseen": "2021-04-28T11:49:14", "history": [{"bulletin": {"affectedConfiguration": [{"cpeName": "linux:linux_kernel", "name": "linux linux kernel", "operator": "eq", "version": "-"}], "affectedSoftware": [{"cpeName": "ibm:security_verify_information_queue", "name": "ibm security verify information queue", "operator": "eq", "version": "1.0.7"}, {"cpeName": "ibm:security_verify_information_queue", "name": "ibm security verify information queue", "operator": "eq", "version": "1.0.6"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:ibm:security_verify_information_queue:1.0.6", "cpe:/a:ibm:security_verify_information_queue:1.0.7"], "cpe23": ["cpe:2.3:a:ibm:security_verify_information_queue:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_verify_information_queue:1.0.6:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:security_verify_information_queue:1.0.6:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:security_verify_information_queue:1.0.7:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}]}, "cvelist": ["CVE-2021-20409"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-200"], "description": "IBM Security Verify Information Queue 1.0.6 and 1.0.7 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 198188.", "edition": 1, "enchantments": {"dependencies": {"modified": "2021-02-13T14:38:31", "references": [], "rev": 2}, "score": {"modified": "2021-02-13T14:38:31", "rev": 2, "value": 2.0, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.ibm.com/support/pages/node/6414771", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6414771"}, {"name": "ibm-sviq-cve202120409-info-disc (196188)", "refsource": "XF", "tags": ["Vendor Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196188"}], "hash": "3701905b85e84a71b48c92f90c6bf57b1676bce9911aa9b3e9fe8e6a2fda0339", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "1eda73a9c6e02356c1e45d5645fcd002", "key": "description"}, {"hash": "1291f16a99c4ef87352ad82294008f17", "key": "cvelist"}, {"hash": "818851bc2339b5cafd65e2ce354f418c", "key": "extraReferences"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "2a904da028d43576aede83d0b99960cb", "key": "cpe"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c92b2b292c06a4a94aec5c4f4353e6f8", "key": "published"}, {"hash": "eb693a78ca0a72e53894d996f1c96bc3", "key": "href"}, {"hash": "6d0472941a118240ed86cc9ced30d5d3", "key": "references"}, {"hash": "4ed2ee014d79a2a5cd947a590488072c", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "c8e87a3b207a5df191e0e0e62c4627d5", "key": "affectedConfiguration"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "89ab600b26aa1840bd3bce504a5d5130", "key": "modified"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "84cb000f01e65d0b726835cf9463852f", "key": "cpeConfiguration"}, {"hash": "234f0966aab402bf0bd11d0a55b2243b", "key": "cpe23"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a471d22fcf30a1970b7cac6fee021baf", "key": "affectedSoftware"}, {"hash": "b647a850fd42b235dd11ee60cf626f2d", "key": "cwe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20409", "id": "CVE-2021-20409", "immutableFields": [], "lastseen": "2021-02-13T14:38:31", "modified": "2021-02-12T18:39:00", "objectVersion": "1.5", "published": "2021-02-12T17:15:00", "references": ["https://www.ibm.com/support/pages/node/6414771", "https://exchange.xforce.ibmcloud.com/vulnerabilities/196188"], "reporter": "cve@mitre.org", "title": "CVE-2021-20409", "type": "cve", "viewCount": 23}, "different_elements": ["reporter", "cpeConfiguration"], "edition": 1, "lastseen": "2021-02-13T14:38:31"}], "edition": 2, "hashmap": [{"key": "affectedConfiguration", "hash": "c8e87a3b207a5df191e0e0e62c4627d5"}, {"key": "affectedSoftware", "hash": "a471d22fcf30a1970b7cac6fee021baf"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "2a904da028d43576aede83d0b99960cb"}, {"key": "cpe23", "hash": "234f0966aab402bf0bd11d0a55b2243b"}, {"key": "cpeConfiguration", "hash": "9d0e89c772558914008645769896be93"}, {"key": "cvelist", "hash": "1291f16a99c4ef87352ad82294008f17"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "9bc143c7676b7e5a3fd9537d7507310b"}, {"key": "cvss3", "hash": "cd391b15e7a01ae2bbfcca256d89bfb8"}, {"key": "cwe", "hash": "b647a850fd42b235dd11ee60cf626f2d"}, {"key": "description", "hash": "1eda73a9c6e02356c1e45d5645fcd002"}, {"key": "extraReferences", "hash": "818851bc2339b5cafd65e2ce354f418c"}, {"key": "href", "hash": "eb693a78ca0a72e53894d996f1c96bc3"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "89ab600b26aa1840bd3bce504a5d5130"}, {"key": "published", "hash": "c92b2b292c06a4a94aec5c4f4353e6f8"}, {"key": "references", "hash": "6d0472941a118240ed86cc9ced30d5d3"}, {"key": "reporter", "hash": "616af691aaa67f0ed52f598db0077b14"}, {"key": "title", "hash": "4ed2ee014d79a2a5cd947a590488072c"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ccff99a2fdbeb81fad0b57c51fdd67d3c37ae46c0e39b1153b7e7875ceecb4dc", "viewCount": 26, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-28T11:49:14", "rev": 2}, "score": {"value": 2.0, "vector": "NONE", "modified": "2021-04-28T11:49:14", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:ibm:security_verify_information_queue:1.0.6", "cpe:/a:ibm:security_verify_information_queue:1.0.7"], "affectedSoftware": [{"cpeName": "ibm:security_verify_information_queue", "name": "ibm security verify information queue", "operator": "eq", "version": "1.0.7"}, {"cpeName": "ibm:security_verify_information_queue", "name": "ibm security verify information queue", "operator": "eq", "version": "1.0.6"}], "affectedConfiguration": [{"cpeName": "linux:linux_kernel", "name": "linux linux kernel", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ibm:security_verify_information_queue:1.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ibm:security_verify_information_queue:1.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}]}, "extraReferences": [{"name": "https://www.ibm.com/support/pages/node/6414771", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6414771"}, {"name": "ibm-sviq-cve202120409-info-disc (196188)", "refsource": "XF", "tags": ["Vendor Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/196188"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:ibm:security_verify_information_queue:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:security_verify_information_queue:1.0.6:*:*:*:*:*:*:*"], "cwe": ["CWE-200"], "immutableFields": [], "scheme": null}, {"id": "CVE-2019-20409", "bulletinFamily": "NVD", "title": "CVE-2019-20409", "description": "The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.", "published": "2020-06-23T06:15:00", "modified": "2020-07-06T15:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20409", "reporter": "security@atlassian.com", "references": ["https://jira.atlassian.com/browse/JRASERVER-70944"], "cvelist": ["CVE-2019-20409"], "type": "cve", "lastseen": "2021-04-23T00:45:22", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "atlassian:jira_software_data_center", "name": "atlassian jira software data center", "operator": "lt", "version": "8.8.0"}, {"cpeName": "atlassian:jira", "name": "atlassian jira", "operator": "lt", "version": "8.8.0"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:atlassian:jira:8.8.0:*:*:*:*:*:*:*", "versionEndExcluding": "8.8.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:atlassian:jira_software_data_center:8.8.0:*:*:*:*:*:*:*", "versionEndExcluding": "8.8.0", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2019-20409"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-74"], "description": "The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.", "edition": 8, "enchantments": {"dependencies": {"modified": "2020-12-09T21:41:50", "references": [{"idList": ["ATLASSIAN:JRASERVER-70940", "ATLASSIAN:JRASERVER-70944"], "type": "atlassian"}], "rev": 2}, "score": {"modified": "2020-12-09T21:41:50", "rev": 2, "value": 7.1, "vector": "NONE"}}, "extraReferences": [], "hash": "a21f10863d6e4b25c925e8866ea20458fd8dbd0c6424e2e37cfd58afca66769a", "hashmap": [{"hash": "4b2aa28f6cd2429cf85b03518f4d65f1", "key": "cwe"}, {"hash": "fc30ef575661306ca3b94198407da92f", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "1ea403c1abcafad68ad6ba66a63cf129", "key": "published"}, {"hash": "20ef2bede4ddf2da024e8a8a4a435ab7", "key": "title"}, {"hash": "1fe6aaf8bae6091d2be9c043d12515be", "key": "cvelist"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "f653f1ed54e78cc8e46a06ff42064514", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "87ec4b03c36995bd98250a57e8cb3010", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "e30c951bc133c61018572d08ecaf7e6a", "key": "cpeConfiguration"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "58f0354029a7fe6de53ba40f2d9db19c", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "54c0c8bef9ddf8f5998e8fc240aa7e1f", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20409", "id": "CVE-2019-20409", "lastseen": "2020-12-09T21:41:50", "modified": "2020-07-06T15:00:00", "objectVersion": "1.3", "published": "2020-06-23T06:15:00", "references": ["https://jira.atlassian.com/browse/JRASERVER-70944"], "reporter": "cve@mitre.org", "title": "CVE-2019-20409", "type": "cve", "viewCount": 14}, "differentElements": ["extraReferences"], "edition": 8, "lastseen": "2020-12-09T21:41:50"}, {"bulletin": {"affectedSoftware": [{"name": "atlassian jira", "operator": "eq", "version": "7.11.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.10"}, {"name": "atlassian jira", "operator": "eq", "version": "3.11"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.10"}, {"name": "atlassian jira", "operator": "eq", "version": "2.5.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.11"}, {"name": "atlassian jira", "operator": "eq", "version": "7.4.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.7"}, {"name": "atlassian jira", "operator": "eq", "version": "7.9.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.12.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.6.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.6.5"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.6"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.9"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.9"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.7"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.4"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.7"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2.6"}, {"name": "atlassian jira", "operator": "eq", "version": "3.3.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.10"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.6"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.2.0"}, {"name": "atlassian jira", "operator": "eq", "version": "8.7.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.12.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.6"}, {"name": "atlassian jira", "operator": "eq", "version": "8.0.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.9"}, {"name": "atlassian jira", "operator": "eq", "version": "8.2.0"}, {"name": "atlassian jira", "operator": "eq", "version": "3.2.1"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.7"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.4.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.2.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.16"}, {"name": "atlassian jira", "operator": "eq", "version": "7.8.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.9"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.1"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.10"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.6"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.2.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.8"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.3.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.7.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.4.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.7"}, {"name": "atlassian jira", "operator": "eq", "version": "8.5.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.17"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.9"}, {"name": "atlassian jira", "operator": "eq", "version": "7.7.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.4.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.10.1"}, {"name": "atlassian jira", "operator": "eq", "version": "4.4"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.5.2"}, {"name": "atlassian jira", "operator": "eq", "version": "2.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.5.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.4"}, {"name": "atlassian jira", "operator": "eq", "version": "4.2.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.7"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.3.5"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.14"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.3"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0.2"}, {"name": "atlassian jira", "operator": "eq", "version": "8.3.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.6"}, {"name": "atlassian jira", "operator": "eq", "version": "7.8.0"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.6"}, {"name": "atlassian jira", "operator": "eq", "version": "8.4.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.7.0"}, {"name": "atlassian jira", "operator": "eq", "version": "4.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.10"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.6.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.7"}, {"name": "atlassian jira", "operator": "eq", "version": "4.4.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.8"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.15"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.5.1"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.4"}, {"name": "atlassian jira", "operator": "eq", "version": "8.0.22"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.5"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.8"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.6"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.4.1"}, {"name": "atlassian jira", "operator": "eq", "version": "4.3.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.11"}, {"name": "atlassian jira", "operator": "eq", "version": "3.5.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.0.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.4.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.12"}, {"name": "atlassian jira", "operator": "eq", "version": "8.1.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.13"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.9"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.5.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.15"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.0.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.5"}, {"name": "atlassian jira", "operator": "eq", "version": "7.9.3"}, {"name": "atlassian jira", "operator": "eq", "version": "4.2.1"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.5"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.12"}, {"name": "atlassian jira", "operator": "eq", "version": "7.10.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.3.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.3.4"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.2"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.8"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.1"}, {"name": "atlassian jira", "operator": "eq", "version": "8.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.7"}, {"name": "atlassian jira", "operator": "eq", "version": "8.6.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.10.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.6.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.7"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0.6"}, {"name": "atlassian jira", "operator": "eq", "version": "4.1.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.0.10"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.8.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.0"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.8"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.15"}, {"name": "atlassian jira", "operator": "eq", "version": "8.2.1"}, {"name": "atlassian jira", "operator": "eq", "version": "8.1.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.8.3"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.11"}, {"name": "atlassian jira", "operator": "eq", "version": "3.10.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.12.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.5.5"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.10.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.11.0"}, {"name": "atlassian jira", "operator": "eq", "version": "8.0.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.9"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.8"}, {"name": "atlassian jira", "operator": "eq", "version": "2.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.13"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.8"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.17"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.0"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.2"}, {"name": "atlassian jira", "operator": "eq", "version": "2.5.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.7"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.5.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.8.4"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.9"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.0.0"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.8"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.11.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.3"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.11"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.12"}, {"name": "atlassian jira", "operator": "eq", "version": "8.5.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.6"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.9.0"}, {"name": "atlassian jira", "operator": "eq", "version": "8.6.1"}, {"name": "atlassian jira", "operator": "eq", "version": "8.0.0"}, {"name": "atlassian jira", "operator": "eq", "version": "3.7"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.1.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.5.3"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4"}, {"name": "atlassian jira", "operator": "eq", "version": "3.7.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.15"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.5"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.11"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.6"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.7"}, {"name": "atlassian jira", "operator": "eq", "version": "7.5.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.13"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.4.3"}, {"name": "atlassian jira", "operator": "eq", "version": "3.6"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.5"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.13"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.11"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.1.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.10"}, {"name": "atlassian jira", "operator": "eq", "version": "7.5.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.6.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.3"}, {"name": "atlassian jira", "operator": "eq", "version": "3.13.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.3.1"}, {"name": "atlassian jira", "operator": "eq", "version": "4.0.1"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.6"}, {"name": "atlassian jira", "operator": "eq", "version": "4.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.7.3"}, {"name": "atlassian jira", "operator": "eq", "version": "8.1.1"}, {"name": "atlassian jira", "operator": "eq", "version": "8.3.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.8"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.14"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.14"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.4"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.3"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.8"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.0.5"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.11"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.7.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.7.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.10.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.2.5"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0.7"}, {"name": "atlassian jira", "operator": "eq", "version": "4.2.3"}, {"name": "atlassian jira", "operator": "eq", "version": "3.13.3"}, {"name": "atlassian jira", "operator": "eq", "version": "8.1.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.8"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.9"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.8"}, {"name": "atlassian jira", "operator": "eq", "version": "4.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.12"}, {"name": "atlassian jira", "operator": "eq", "version": "8.5.1"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.4"}, {"name": "atlassian jira", "operator": "eq", "version": "8.5.5"}, {"name": "atlassian jira", "operator": "eq", "version": "3.3.2"}, {"name": "atlassian jira", "operator": "eq", "version": "2.5.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.5.3"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.7.4"}, {"name": "atlassian jira", "operator": "eq", "version": "3.13.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.3.4"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.10"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.7"}, {"name": "atlassian jira", "operator": "eq", "version": "8.2.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.5.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.14"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.5.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.4.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.5"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.0.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.1.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.15"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.0.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.4.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.12.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.4.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.0"}, {"name": "atlassian jira", "operator": "eq", "version": "3.10"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.0"}, {"name": "atlassian jira", "operator": "eq", "version": "3.0.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.4"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.0"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6"}, {"name": "atlassian jira", "operator": "eq", "version": "3.6.2_156"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.11"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.6"}, {"name": "atlassian jira", "operator": "eq", "version": "3.4.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.5.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.8.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.12"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.4.0"}, {"name": "atlassian jira", "operator": "eq", "version": "3.7.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.7.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.1"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.8.5"}, {"name": "atlassian jira", "operator": "eq", "version": "3.9"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.9"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.7"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.3"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.6"}, {"name": "atlassian jira", "operator": "eq", "version": "3.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.10.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.1.0"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.7"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.2.6"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.5"}, {"name": "atlassian jira", "operator": "eq", "version": "2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.4"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.13"}, {"name": "atlassian jira", "operator": "eq", "version": "-"}, {"name": "atlassian jira", "operator": "eq", "version": "2.4.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.14"}, {"name": "atlassian jira", "operator": "eq", "version": "3.6.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.7.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.10"}, {"name": "atlassian jira", "operator": "eq", "version": "8.4.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.9"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.4"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.14"}, {"name": "atlassian jira", "operator": "eq", "version": "3.13"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.12"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.5"}, {"name": "atlassian jira", "operator": "eq", "version": "8.0.4"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.5"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.14"}, {"name": "atlassian jira", "operator": "eq", "version": "8.4.3"}, {"name": "atlassian jira", "operator": "eq", "version": "3.3.3"}, {"name": "atlassian jira", "operator": "eq", "version": "4.1.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.6.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.7.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.9"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.3.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.4"}, {"name": "atlassian jira", "operator": "eq", "version": "3.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.2"}, {"name": "atlassian jira", "operator": "eq", "version": "8.0.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.12.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.0"}, {"name": "atlassian jira", "operator": "eq", "version": "3.5.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.4.4"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.13"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.13"}, {"name": "atlassian jira", "operator": "eq", "version": "3.5.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.11"}, {"name": "atlassian jira", "operator": "eq", "version": "3.6.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.10.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.5.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.0.4"}, {"name": "atlassian jira", "operator": "eq", "version": "8.7.0"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.8"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.0"}, {"name": "atlassian jira", "operator": "eq", "version": "8.2.4"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.10"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.4.5"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.7"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.12"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.0.11"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.7"}, {"name": "atlassian jira", "operator": "eq", "version": "7.9.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.11.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.13.4"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.7.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.12"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.3"}, {"name": "atlassian jira", "operator": "eq", "version": "3.9.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.7.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.4.1"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2.4"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.13"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.12.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.4.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.7.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.0.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.11"}, {"name": "atlassian jira", "operator": "eq", "version": "3.2.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.16"}, {"name": "atlassian jira", "operator": "eq", "version": "8.6.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.9"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.10_"}, {"name": "atlassian jira", "operator": "eq", "version": "8.3.1"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.8"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.6"}, {"name": "atlassian jira", "operator": "eq", "version": "8.5.4"}, {"name": "atlassian jira", "operator": "eq", "version": "4.4.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.2.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.0.9"}, {"name": "atlassian jira", "operator": "eq", "version": "3.12.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.11.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.3.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.6"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.4"}, {"name": "atlassian jira", "operator": "eq", "version": "8.2.6"}, {"name": "atlassian jira", "operator": "eq", "version": "8.4.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.8.0"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.4"}, {"name": "atlassian jira", "operator": "eq", "version": "7.8.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.5.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.5.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.3"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.10"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.4.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.12.3"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.5"}, {"name": "atlassian jira", "operator": "eq", "version": "3.0.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.12.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.0.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2.1"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0.4"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2.5"}, {"name": "atlassian jira", "operator": "eq", "version": "7.9.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.9.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.4.3"}, {"name": "atlassian jira", "operator": "eq", "version": "8.2.5"}, {"name": "atlassian jira", "operator": "eq", "version": "3.8.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.4.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.9.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.11.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.12"}, {"name": "atlassian jira", "operator": "eq", "version": "8.3.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.9"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.2"}, {"name": "atlassian jira", "operator": "eq", "version": "8.5.0"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.6"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.4.5"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.8"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.8"}, {"name": "atlassian jira", "operator": "eq", "version": "3.4.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.1.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.10"}, {"name": "atlassian jira", "operator": "eq", "version": "8.7.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.6"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.14"}, {"name": "atlassian jira", "operator": "eq", "version": "7.12.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.4.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.4.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.7.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.12.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.8.4"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2.7"}, {"name": "atlassian jira", "operator": "eq", "version": "3.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.8"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.11.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.3"}, {"name": "atlassian jira", "operator": "eq", "version": "3.9.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.0"}, {"name": "atlassian jira", "operator": "eq", "version": "3.13.1"}, {"name": "atlassian jira", "operator": "eq", "version": "2.6"}, {"name": "atlassian jira", "operator": "eq", "version": "8.3.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.4.6"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.12.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.7.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.10.2"}, {"name": "atlassian jira", "operator": "eq", "version": "2.6.1"}, {"name": "atlassian jira", "operator": "eq", "version": "8.3.2"}, {"name": "atlassian jira", "operator": "eq", "version": "2.2.1"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.9"}, {"name": "atlassian jira", "operator": "eq", "version": "4.3.3"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.4.6"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:atlassian:jira_software_data_center:7.6.15", "cpe:/a:atlassian:jira:8.2.5", "cpe:/a:atlassian:jira:5.1.6", "cpe:/a:atlassian:jira:6.4.6", "cpe:/a:atlassian:jira_software_data_center:8.3.0", "cpe:/a:atlassian:jira:7.6.10", "cpe:/a:atlassian:jira:7.13.10", "cpe:/a:atlassian:jira:5.0.5", "cpe:/a:atlassian:jira:6.3", "cpe:/a:atlassian:jira:7.3.9", "cpe:/a:atlassian:jira_software_data_center:7.4.4", "cpe:/a:atlassian:jira:7.13.13", "cpe:/a:atlassian:jira:7.2.6", "cpe:/a:atlassian:jira:7.6.2", "cpe:/a:atlassian:jira:2.1", "cpe:/a:atlassian:jira:6.3.13", "cpe:/a:atlassian:jira:6.3.10", "cpe:/a:atlassian:jira:3.5", "cpe:/a:atlassian:jira:6.3.3", "cpe:/a:atlassian:jira:6.3.5", "cpe:/a:atlassian:jira:3.2.1", "cpe:/a:atlassian:jira:8.7.0", "cpe:/a:atlassian:jira_software_data_center:8.6.0", "cpe:/a:atlassian:jira_software_data_center:7.9.0", "cpe:/a:atlassian:jira:7.4.2", "cpe:/a:atlassian:jira:4.2.1", "cpe:/a:atlassian:jira_software_data_center:7.4.1", "cpe:/a:atlassian:jira:7.13.14", "cpe:/a:atlassian:jira:6.3.14", "cpe:/a:atlassian:jira:3.9.2", "cpe:/a:atlassian:jira:7.1.7", "cpe:/a:atlassian:jira_software_data_center:7.13.5", "cpe:/a:atlassian:jira:5.0.2", "cpe:/a:atlassian:jira:7.10.1", "cpe:/a:atlassian:jira_software_data_center:7.0.10", "cpe:/a:atlassian:jira:7.5.0", "cpe:/a:atlassian:jira:8.2.4", "cpe:/a:atlassian:jira_software_data_center:7.10.1", "cpe:/a:atlassian:jira:3.2.3", "cpe:/a:atlassian:jira_software_data_center:7.0.5", "cpe:/a:atlassian:jira:7.9.0", "cpe:/a:atlassian:jira:6.0.5", "cpe:/a:atlassian:jira_software_data_center:8.5.3", "cpe:/a:atlassian:jira_software_data_center:7.7.0", "cpe:/a:atlassian:jira:7.8.2", "cpe:/a:atlassian:jira:2.4.1", "cpe:/a:atlassian:jira:2.3", "cpe:/a:atlassian:jira:3.10.2", "cpe:/a:atlassian:jira_software_data_center:8.5.5", "cpe:/a:atlassian:jira:5.1.8", "cpe:/a:atlassian:jira:3.3.3", "cpe:/a:atlassian:jira:6.0.8", "cpe:/a:atlassian:jira:4.3.3", "cpe:/a:atlassian:jira:3.10.1", "cpe:/a:atlassian:jira_software_data_center:7.0.11", "cpe:/a:atlassian:jira:8.5.1", "cpe:/a:atlassian:jira:7.12.2", "cpe:/a:atlassian:jira:6.0", "cpe:/a:atlassian:jira:8.6.2", "cpe:/a:atlassian:jira:7.6.11", "cpe:/a:atlassian:jira:5.0.4", "cpe:/a:atlassian:jira_software_data_center:7.7.4", "cpe:/a:atlassian:jira:7.5.2", "cpe:/a:atlassian:jira:6.3.9", "cpe:/a:atlassian:jira:7.0.5", "cpe:/a:atlassian:jira:7.5.4", "cpe:/a:atlassian:jira_software_data_center:7.3.7", "cpe:/a:atlassian:jira:7.9.3", "cpe:/a:atlassian:jira_software_data_center:7.7.1", "cpe:/a:atlassian:jira:7.8.5", "cpe:/a:atlassian:jira:6.2.6", "cpe:/a:atlassian:jira_software_data_center:7.4.2", "cpe:/a:atlassian:jira:7.4.6", "cpe:/a:atlassian:jira:7.1.4", "cpe:/a:atlassian:jira:7.2.1", "cpe:/a:atlassian:jira:5.1.2", "cpe:/a:atlassian:jira_software_data_center:7.13.11", "cpe:/a:atlassian:jira:7.6.9", "cpe:/a:atlassian:jira:7.6", "cpe:/a:atlassian:jira:6.1", "cpe:/a:atlassian:jira:8.2.2", "cpe:/a:atlassian:jira_software_data_center:7.6.17", "cpe:/a:atlassian:jira:6.4.11", "cpe:/a:atlassian:jira_software_data_center:8.1.2", "cpe:/a:atlassian:jira:6.3.6", "cpe:/a:atlassian:jira:6.1.7", "cpe:/a:atlassian:jira:3.12.2", "cpe:/a:atlassian:jira:7.10.0", "cpe:/a:atlassian:jira:7.5.3", "cpe:/a:atlassian:jira:7.1.2", "cpe:/a:atlassian:jira:6.1.9", "cpe:/a:atlassian:jira:7.6.3", "cpe:/a:atlassian:jira_software_data_center:7.4.3", "cpe:/a:atlassian:jira:-", "cpe:/a:atlassian:jira_software_data_center:7.13.3", "cpe:/a:atlassian:jira:4.2.3", "cpe:/a:atlassian:jira:3.7.3", "cpe:/a:atlassian:jira:8.1.0", "cpe:/a:atlassian:jira:7.6.16", "cpe:/a:atlassian:jira:7.2.2", "cpe:/a:atlassian:jira_software_data_center:8.4.2", "cpe:/a:atlassian:jira:8.1.3", "cpe:/a:atlassian:jira_software_data_center:7.6.3", "cpe:/a:atlassian:jira:6.4.9", "cpe:/a:atlassian:jira:2.2", "cpe:/a:atlassian:jira_software_data_center:7.6.10", "cpe:/a:atlassian:jira:7.2.8", "cpe:/a:atlassian:jira:7.4.0", "cpe:/a:atlassian:jira:7.2.14", "cpe:/a:atlassian:jira_software_data_center:8.0.2", "cpe:/a:atlassian:jira:3.12.3", "cpe:/a:atlassian:jira:7.0.0", "cpe:/a:atlassian:jira:7.6.7", "cpe:/a:atlassian:jira_software_data_center:8.6.2", "cpe:/a:atlassian:jira:8.3.1", "cpe:/a:atlassian:jira:2.5.1", "cpe:/a:atlassian:jira:3.6.2_156", "cpe:/a:atlassian:jira:7.1.1", "cpe:/a:atlassian:jira_software_data_center:7.1.8", "cpe:/a:atlassian:jira:6.2.5", "cpe:/a:atlassian:jira_software_data_center:8.5.1", "cpe:/a:atlassian:jira:7.3.3", "cpe:/a:atlassian:jira_software_data_center:8.4.1", "cpe:/a:atlassian:jira_software_data_center:7.5.0", "cpe:/a:atlassian:jira:8.2.3", "cpe:/a:atlassian:jira:7.11.2", "cpe:/a:atlassian:jira_software_data_center:7.6.0", "cpe:/a:atlassian:jira:4.2.2", "cpe:/a:atlassian:jira:6.1.2", "cpe:/a:atlassian:jira_software_data_center:8.7.1", "cpe:/a:atlassian:jira:6.1.5", "cpe:/a:atlassian:jira:3.13.3", "cpe:/a:atlassian:jira:3.5.3", "cpe:/a:atlassian:jira:8.4.2", "cpe:/a:atlassian:jira:6.2.1", "cpe:/a:atlassian:jira:5.2.8", "cpe:/a:atlassian:jira:6.0.1", "cpe:/a:atlassian:jira:6.1.6", "cpe:/a:atlassian:jira_software_data_center:7.3.2", "cpe:/a:atlassian:jira:7.1.6", "cpe:/a:atlassian:jira_software_data_center:7.2.15", "cpe:/a:atlassian:jira:7.0.2", "cpe:/a:atlassian:jira:3.13.5", "cpe:/a:atlassian:jira:7.2.7", "cpe:/a:atlassian:jira:5.2", "cpe:/a:atlassian:jira:7.3.5", "cpe:/a:atlassian:jira_software_data_center:7.3.6", "cpe:/a:atlassian:jira:3.13", "cpe:/a:atlassian:jira:8.5.4", "cpe:/a:atlassian:jira:6.0.7", "cpe:/a:atlassian:jira:7.13.4", "cpe:/a:atlassian:jira:5.1.4", "cpe:/a:atlassian:jira:4.3", "cpe:/a:atlassian:jira:7.3.2", "cpe:/a:atlassian:jira:7.2.0", "cpe:/a:atlassian:jira_software_data_center:7.13.2", "cpe:/a:atlassian:jira:7.4.3", "cpe:/a:atlassian:jira:3.7.4", "cpe:/a:atlassian:jira:7.12.0", "cpe:/a:atlassian:jira:6.4", "cpe:/a:atlassian:jira:6.4.13", "cpe:/a:atlassian:jira:8.1.1", "cpe:/a:atlassian:jira:8.3.5", "cpe:/a:atlassian:jira:3.8", "cpe:/a:atlassian:jira:4.4.5", "cpe:/a:atlassian:jira:7.1.0", "cpe:/a:atlassian:jira:8.2.1", "cpe:/a:atlassian:jira:4.2.4", "cpe:/a:atlassian:jira:7.2.15", "cpe:/a:atlassian:jira_software_data_center:8.3.2", "cpe:/a:atlassian:jira:3.0.3", "cpe:/a:atlassian:jira:7.7.2", "cpe:/a:atlassian:jira:5.2.10", "cpe:/a:atlassian:jira_software_data_center:7.1.7", "cpe:/a:atlassian:jira:7.3.7", "cpe:/a:atlassian:jira_software_data_center:7.6.6", "cpe:/a:atlassian:jira:4.4", "cpe:/a:atlassian:jira:6.2.7", "cpe:/a:atlassian:jira:7.6.15", "cpe:/a:atlassian:jira_software_data_center:7.5.1", "cpe:/a:atlassian:jira:3.6.4", "cpe:/a:atlassian:jira:4.1", "cpe:/a:atlassian:jira_software_data_center:8.1.1", "cpe:/a:atlassian:jira_software_data_center:8.6.1", "cpe:/a:atlassian:jira_software_data_center:7.1.2", "cpe:/a:atlassian:jira_software_data_center:7.12.3", "cpe:/a:atlassian:jira_software_data_center:7.13.9", "cpe:/a:atlassian:jira:8.3.3", "cpe:/a:atlassian:jira:4.3.1", "cpe:/a:atlassian:jira:3.12", "cpe:/a:atlassian:jira:3.9.3", "cpe:/a:atlassian:jira:8.7.2", "cpe:/a:atlassian:jira_software_data_center:8.2.5", "cpe:/a:atlassian:jira:2.6.1", "cpe:/a:atlassian:jira:8.0.1", "cpe:/a:atlassian:jira:8.3.4", "cpe:/a:atlassian:jira:7.3.8", "cpe:/a:atlassian:jira:7.3.0", "cpe:/a:atlassian:jira_software_data_center:7.13.0", "cpe:/a:atlassian:jira:7.7.1", "cpe:/a:atlassian:jira:4.0.1", "cpe:/a:atlassian:jira:5.2.5", "cpe:/a:atlassian:jira:7.13.11", "cpe:/a:atlassian:jira:5.1.7", "cpe:/a:atlassian:jira_software_data_center:8.5.2", "cpe:/a:atlassian:jira:3.6.5", "cpe:/a:atlassian:jira:7.2.9", "cpe:/a:atlassian:jira:7.8.0", "cpe:/a:atlassian:jira_software_data_center:8.0.3", "cpe:/a:atlassian:jira:2.5.2", "cpe:/a:atlassian:jira:8.5.0", "cpe:/a:atlassian:jira_software_data_center:7.12.0", "cpe:/a:atlassian:jira:6.4.10", "cpe:/a:atlassian:jira:8.0.4", "cpe:/a:atlassian:jira_software_data_center:8.4.3", "cpe:/a:atlassian:jira_software_data_center:8.3.1", "cpe:/a:atlassian:jira_software_data_center:8.3.3", "cpe:/a:atlassian:jira:8.6.1", "cpe:/a:atlassian:jira:6.4.2", "cpe:/a:atlassian:jira_software_data_center:8.2.6", "cpe:/a:atlassian:jira_software_data_center:7.1.4", "cpe:/a:atlassian:jira:8.2.0", "cpe:/a:atlassian:jira_software_data_center:7.5.3", "cpe:/a:atlassian:jira_software_data_center:7.11.0", "cpe:/a:atlassian:jira:6.2.4", "cpe:/a:atlassian:jira_software_data_center:7.0.4", "cpe:/a:atlassian:jira:6.4.5", "cpe:/a:atlassian:jira:3.13.2", "cpe:/a:atlassian:jira_software_data_center:7.2.7", "cpe:/a:atlassian:jira:4.2", "cpe:/a:atlassian:jira:6.4.4", "cpe:/a:atlassian:jira:7.0.11", "cpe:/a:atlassian:jira:3.13.1", "cpe:/a:atlassian:jira:7.2.10", "cpe:/a:atlassian:jira:3.3", "cpe:/a:atlassian:jira_software_data_center:8.3.4", "cpe:/a:atlassian:jira_software_data_center:7.13.13", "cpe:/a:atlassian:jira:8.0.3", "cpe:/a:atlassian:jira:6.3.7", "cpe:/a:atlassian:jira:3.8.1", "cpe:/a:atlassian:jira:6.4.12", "cpe:/a:atlassian:jira:7.6.4", "cpe:/a:atlassian:jira:7.12.3", "cpe:/a:atlassian:jira:8.5.5", "cpe:/a:atlassian:jira:6.3.11", "cpe:/a:atlassian:jira:4.3.4", "cpe:/a:atlassian:jira:7.3.4", "cpe:/a:atlassian:jira:3.4", "cpe:/a:atlassian:jira:3.2.2", "cpe:/a:atlassian:jira_software_data_center:7.7.2", "cpe:/a:atlassian:jira:6.3.8", "cpe:/a:atlassian:jira_software_data_center:8.0.0", "cpe:/a:atlassian:jira:3.5.2", "cpe:/a:atlassian:jira_software_data_center:7.2.3", "cpe:/a:atlassian:jira:3.6.2", "cpe:/a:atlassian:jira_software_data_center:7.4.6", "cpe:/a:atlassian:jira:5.0", "cpe:/a:atlassian:jira:3.12.1", "cpe:/a:atlassian:jira_software_data_center:8.1.0", "cpe:/a:atlassian:jira:8.4.0", "cpe:/a:atlassian:jira:3.0", "cpe:/a:atlassian:jira:7.2.11", "cpe:/a:atlassian:jira_software_data_center:7.1.0", "cpe:/a:atlassian:jira:5.0.1", "cpe:/a:atlassian:jira:7.11.0", "cpe:/a:atlassian:jira:6.4.3", "cpe:/a:atlassian:jira:2.5.3", "cpe:/a:atlassian:jira_software_data_center:8.5.0", "cpe:/a:atlassian:jira:5.2.9", "cpe:/a:atlassian:jira_software_data_center:8.1.3", "cpe:/a:atlassian:jira:8.1.2", "cpe:/a:atlassian:jira:7.6.8", "cpe:/a:atlassian:jira:6.1.1", "cpe:/a:atlassian:jira:6.2.3", "cpe:/a:atlassian:jira_software_data_center:7.2.10", "cpe:/a:atlassian:jira:7.0.9", "cpe:/a:atlassian:jira:7.0.10_", "cpe:/a:atlassian:jira:3.1.1", "cpe:/a:atlassian:jira:3.6.3", "cpe:/a:atlassian:jira:8.4.1", "cpe:/a:atlassian:jira:8.0.22", "cpe:/a:atlassian:jira_software_data_center:8.4.0", "cpe:/a:atlassian:jira:7.8.1", "cpe:/a:atlassian:jira:6.1.4", "cpe:/a:atlassian:jira_software_data_center:7.2.14", "cpe:/a:atlassian:jira:3.11", "cpe:/a:atlassian:jira:6.4.7", "cpe:/a:atlassian:jira_software_data_center:7.8.4", "cpe:/a:atlassian:jira:3.7.2", "cpe:/a:atlassian:jira_software_data_center:7.12.2", "cpe:/a:atlassian:jira_software_data_center:8.7.0", "cpe:/a:atlassian:jira:6.0.3", "cpe:/a:atlassian:jira_software_data_center:7.2.1", "cpe:/a:atlassian:jira:3.9", "cpe:/a:atlassian:jira_software_data_center:7.13.6", "cpe:/a:atlassian:jira_software_data_center:7.5.4", "cpe:/a:atlassian:jira:3.3.1", "cpe:/a:atlassian:jira:7.7.3", "cpe:/a:atlassian:jira:2.6", "cpe:/a:atlassian:jira_software_data_center:7.6.1", "cpe:/a:atlassian:jira:8.2.6", "cpe:/a:atlassian:jira_software_data_center:7.1.10", "cpe:/a:atlassian:jira_software_data_center:7.13.12", "cpe:/a:atlassian:jira:7.1.10", "cpe:/a:atlassian:jira:5.1", "cpe:/a:atlassian:jira_software_data_center:7.2.2", "cpe:/a:atlassian:jira_software_data_center:7.9.2", "cpe:/a:atlassian:jira:3.0.1", "cpe:/a:atlassian:jira_software_data_center:7.11.2", "cpe:/a:atlassian:jira:7.13.8", "cpe:/a:atlassian:jira:3.4.1", "cpe:/a:atlassian:jira:3.1", "cpe:/a:atlassian:jira:3.0.2", "cpe:/a:atlassian:jira_software_data_center:7.13.4", "cpe:/a:atlassian:jira:8.3.0", "cpe:/a:atlassian:jira_software_data_center:7.2.13", "cpe:/a:atlassian:jira_software_data_center:7.2.6", "cpe:/a:atlassian:jira:7.6.1", "cpe:/a:atlassian:jira:8.5.2", "cpe:/a:atlassian:jira_software_data_center:7.3.5", "cpe:/a:atlassian:jira:5.0.6", "cpe:/a:atlassian:jira:6.3.15", "cpe:/a:atlassian:jira:6.0.6", "cpe:/a:atlassian:jira_software_data_center:7.4.5", "cpe:/a:atlassian:jira:5.2.6", "cpe:/a:atlassian:jira:7.10.2", "cpe:/a:atlassian:jira_software_data_center:7.1.6", "cpe:/a:atlassian:jira:3.3.2", "cpe:/a:atlassian:jira_software_data_center:7.8.0", "cpe:/a:atlassian:jira:3.7", "cpe:/a:atlassian:jira:7.10.3", "cpe:/a:atlassian:jira:8.3.2", "cpe:/a:atlassian:jira:5.2.4.1", "cpe:/a:atlassian:jira:7.1.8", "cpe:/a:atlassian:jira:5.1.5", "cpe:/a:atlassian:jira:7.7.0", "cpe:/a:atlassian:jira:6.3.1", "cpe:/a:atlassian:jira_software_data_center:7.6.13", "cpe:/a:atlassian:jira_software_data_center:7.13.14", "cpe:/a:atlassian:jira:7.8.4", "cpe:/a:atlassian:jira_software_data_center:7.10.2", "cpe:/a:atlassian:jira:7.7.4", "cpe:/a:atlassian:jira:3.13.4", "cpe:/a:atlassian:jira:5.2.11", "cpe:/a:atlassian:jira:7.6.12", "cpe:/a:atlassian:jira_software_data_center:7.2.8", "cpe:/a:atlassian:jira:6.4.14", "cpe:/a:atlassian:jira:7.2.3", "cpe:/a:atlassian:jira:7.7.5", "cpe:/a:atlassian:jira_software_data_center:7.8.1", "cpe:/a:atlassian:jira:3.7.1", "cpe:/a:atlassian:jira_software_data_center:7.0.2", "cpe:/a:atlassian:jira:5.0.7", "cpe:/a:atlassian:jira:6.4.1", "cpe:/a:atlassian:jira:7.2.12", "cpe:/a:atlassian:jira:7.13.0", "cpe:/a:atlassian:jira_software_data_center:7.4.0", "cpe:/a:atlassian:jira:8.4.3", "cpe:/a:atlassian:jira:3.6", "cpe:/a:atlassian:jira:7.9.2", "cpe:/a:atlassian:jira_software_data_center:7.1.1", "cpe:/a:atlassian:jira_software_data_center:7.3.4", "cpe:/a:atlassian:jira_software_data_center:7.2.11", "cpe:/a:atlassian:jira:3.4.3", "cpe:/a:atlassian:jira:6.0.2", "cpe:/a:atlassian:jira:5.2.3", "cpe:/a:atlassian:jira:6.1.3", "cpe:/a:atlassian:jira:7.13.7", "cpe:/a:atlassian:jira_software_data_center:7.13.1", "cpe:/a:atlassian:jira:7.8.3", "cpe:/a:atlassian:jira:6.1.8", "cpe:/a:atlassian:jira_software_data_center:7.5.2", "cpe:/a:atlassian:jira:4.3.2", "cpe:/a:atlassian:jira_software_data_center:7.2.4", "cpe:/a:atlassian:jira:6.2.2", "cpe:/a:atlassian:jira:7.4.1", "cpe:/a:atlassian:jira:7.1.9", "cpe:/a:atlassian:jira_software_data_center:7.6.11", "cpe:/a:atlassian:jira_software_data_center:7.6.16", "cpe:/a:atlassian:jira:2.2.1", "cpe:/a:atlassian:jira:7.7", "cpe:/a:atlassian:jira_software_data_center:7.10.0", "cpe:/a:atlassian:jira:8.6.0", "cpe:/a:atlassian:jira:7.13.5", "cpe:/a:atlassian:jira_software_data_center:7.2.0", "cpe:/a:atlassian:jira:4.1.1", "cpe:/a:atlassian:jira:7.5.1", "cpe:/a:atlassian:jira_software_data_center:7.2.9", "cpe:/a:atlassian:jira_software_data_center:8.2.4", "cpe:/a:atlassian:jira_software_data_center:7.3.3", "cpe:/a:atlassian:jira_software_data_center:8.7.2", "cpe:/a:atlassian:jira_software_data_center:7.12.1", "cpe:/a:atlassian:jira:7.0.3", "cpe:/a:atlassian:jira_software_data_center:7.3.9", "cpe:/a:atlassian:jira_software_data_center:7.3.8", "cpe:/a:atlassian:jira:4.1.2", "cpe:/a:atlassian:jira:4.4.1", "cpe:/a:atlassian:jira_software_data_center:7.6.12", "cpe:/a:atlassian:jira:7.9.1", "cpe:/a:atlassian:jira:5.1.3", "cpe:/a:atlassian:jira_software_data_center:8.2.2", "cpe:/a:atlassian:jira:7.2.4", "cpe:/a:atlassian:jira_software_data_center:7.3.0", "cpe:/a:atlassian:jira:7.3.1", "cpe:/a:atlassian:jira:7.4.5", "cpe:/a:atlassian:jira:3.10", "cpe:/a:atlassian:jira_software_data_center:8.2.1", "cpe:/a:atlassian:jira_software_data_center:7.6.14", "cpe:/a:atlassian:jira:7.2.5", "cpe:/a:atlassian:jira_software_data_center:8.3.5", "cpe:/a:atlassian:jira:8.5.3", "cpe:/a:atlassian:jira:3.4.2", "cpe:/a:atlassian:jira:4.4.4", "cpe:/a:atlassian:jira_software_data_center:7.3.1", "cpe:/a:atlassian:jira:8.7.1", "cpe:/a:atlassian:jira:7.13.2", "cpe:/a:atlassian:jira_software_data_center:7.6.9", "cpe:/a:atlassian:jira:7.11.1", "cpe:/a:atlassian:jira:3.9.1", "cpe:/a:atlassian:jira:7.2.13", "cpe:/a:atlassian:jira_software_data_center:8.2.3", "cpe:/a:atlassian:jira:3.6.1", "cpe:/a:atlassian:jira:4.4.2", "cpe:/a:atlassian:jira:6.4.8", "cpe:/a:atlassian:jira:7.6.5", "cpe:/a:atlassian:jira:7.13.6", "cpe:/a:atlassian:jira_software_data_center:7.0.9", "cpe:/a:atlassian:jira_software_data_center:7.6.7", "cpe:/a:atlassian:jira_software_data_center:7.13.8", "cpe:/a:atlassian:jira:7.3.6", "cpe:/a:atlassian:jira:7.6.13", "cpe:/a:atlassian:jira:6.2", "cpe:/a:atlassian:jira_software_data_center:7.2.12", "cpe:/a:atlassian:jira:7.6.14", "cpe:/a:atlassian:jira:5.0.3", "cpe:/a:atlassian:jira_software_data_center:7.8.2", "cpe:/a:atlassian:jira:4.0.2", "cpe:/a:atlassian:jira:6.3.4", "cpe:/a:atlassian:jira:8.0.0", "cpe:/a:atlassian:jira_software_data_center:7.0.0", "cpe:/a:atlassian:jira:7.12.1", "cpe:/a:atlassian:jira:3.5.1", "cpe:/a:atlassian:jira:7.12.4", "cpe:/a:atlassian:jira:7.0.10", "cpe:/a:atlassian:jira:6.3.12", "cpe:/a:atlassian:jira:7.13.9", "cpe:/a:atlassian:jira:7.4.4", "cpe:/a:atlassian:jira:5.2.7", "cpe:/a:atlassian:jira_software_data_center:7.1.9", "cpe:/a:atlassian:jira:5.2.2", "cpe:/a:atlassian:jira:5.2.1", "cpe:/a:atlassian:jira:7.0.4", "cpe:/a:atlassian:jira_software_data_center:8.5.4", "cpe:/a:atlassian:jira_software_data_center:7.6.2", "cpe:/a:atlassian:jira_software_data_center:7.6.8", "cpe:/a:atlassian:jira:7.6.0", "cpe:/a:atlassian:jira:7.6.17", "cpe:/a:atlassian:jira:4.0", "cpe:/a:atlassian:jira:5.2.4", "cpe:/a:atlassian:jira:7.13.1", "cpe:/a:atlassian:jira:7.11.3", "cpe:/a:atlassian:jira:5.1.1", "cpe:/a:atlassian:jira:8.0.2", "cpe:/a:atlassian:jira:3.2", "cpe:/a:atlassian:jira_software_data_center:8.2.0", "cpe:/a:atlassian:jira:7.6.6", "cpe:/a:atlassian:jira:7.13.12", "cpe:/a:atlassian:jira:7.13.3", "cpe:/a:atlassian:jira:4.4.3", "cpe:/a:atlassian:jira_software_data_center:7.6.4", "cpe:/a:atlassian:jira_software_data_center:7.11.1", "cpe:/a:atlassian:jira:6.0.4"], "cpe23": [], "cvelist": ["CVE-2019-20409"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-74"], "description": "The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-08-12T11:50:18", "references": [{"idList": ["ATLASSIAN:JRASERVER-70944"], "type": "atlassian"}], "rev": 2}, "score": {"modified": "2020-08-12T11:50:18", "rev": 2, "value": 7.1, "vector": "NONE"}}, "hash": "a8a1ec6b4202d447a0e2affeb6a575af11bd168e317ba3b718af2fd18949afc6", "hashmap": [{"hash": "f71ddb9948f883d01aa0660d412e22ab", "key": "affectedSoftware"}, {"hash": "4b2aa28f6cd2429cf85b03518f4d65f1", "key": "cwe"}, {"hash": "fc30ef575661306ca3b94198407da92f", "key": "href"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "b074755c34eecd0891b9379c344720af", "key": "cpe"}, {"hash": "1ea403c1abcafad68ad6ba66a63cf129", "key": "published"}, {"hash": "20ef2bede4ddf2da024e8a8a4a435ab7", "key": "title"}, {"hash": "1fe6aaf8bae6091d2be9c043d12515be", "key": "cvelist"}, {"hash": "f653f1ed54e78cc8e46a06ff42064514", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "58f0354029a7fe6de53ba40f2d9db19c", "key": "references"}, {"hash": "54c0c8bef9ddf8f5998e8fc240aa7e1f", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20409", "id": "CVE-2019-20409", "lastseen": "2020-08-12T11:50:18", "modified": "2020-07-06T15:00:00", "objectVersion": "1.3", "published": "2020-06-23T06:15:00", "references": ["https://jira.atlassian.com/browse/JRASERVER-70944"], "reporter": "cve@mitre.org", "title": "CVE-2019-20409", "type": "cve", "viewCount": 13}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 4, "lastseen": "2020-08-12T11:50:18"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "atlassian:jira_software_data_center", "name": "atlassian jira software data center", "operator": "lt", "version": "8.8.0"}, {"cpeName": "atlassian:jira", "name": "atlassian jira", "operator": "lt", "version": "8.8.0"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:atlassian:jira:8.8.0:*:*:*:*:*:*:*", "versionEndExcluding": "8.8.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:atlassian:jira_software_data_center:8.8.0:*:*:*:*:*:*:*", "versionEndExcluding": "8.8.0", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2019-20409"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-74"], "description": "The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.", "edition": 9, "enchantments": {"dependencies": {"modified": "2021-02-02T07:12:58", "references": [{"idList": ["ATLASSIAN:JRASERVER-70940", "ATLASSIAN:JRASERVER-70944"], "type": "atlassian"}], "rev": 2}, "score": {"modified": "2021-02-02T07:12:58", "rev": 2, "value": 7.1, "vector": "NONE"}}, "extraReferences": [{"name": "https://jira.atlassian.com/browse/JRASERVER-70944", "refsource": "MISC", "tags": ["Vendor Advisory", "Issue Tracking"], "url": "https://jira.atlassian.com/browse/JRASERVER-70944"}], "hash": "19548ced84a737e65ee7dc65c752555d3599225e584bb4475168f61b3b944b6a", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "4b2aa28f6cd2429cf85b03518f4d65f1", "key": "cwe"}, {"hash": "fc30ef575661306ca3b94198407da92f", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "1ea403c1abcafad68ad6ba66a63cf129", "key": "published"}, {"hash": "20ef2bede4ddf2da024e8a8a4a435ab7", "key": "title"}, {"hash": "04c75f51ead2c7eb89761c65297e440a", "key": "extraReferences"}, {"hash": "1fe6aaf8bae6091d2be9c043d12515be", "key": "cvelist"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "f653f1ed54e78cc8e46a06ff42064514", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "87ec4b03c36995bd98250a57e8cb3010", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "e30c951bc133c61018572d08ecaf7e6a", "key": "cpeConfiguration"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "58f0354029a7fe6de53ba40f2d9db19c", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "54c0c8bef9ddf8f5998e8fc240aa7e1f", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20409", "id": "CVE-2019-20409", "immutableFields": [], "lastseen": "2021-02-02T07:12:58", "modified": "2020-07-06T15:00:00", "objectVersion": "1.5", "published": "2020-06-23T06:15:00", "references": ["https://jira.atlassian.com/browse/JRASERVER-70944"], "reporter": "cve@mitre.org", "title": "CVE-2019-20409", "type": "cve", "viewCount": 15}, "different_elements": ["reporter", "cpeConfiguration"], "edition": 9, "lastseen": "2021-02-02T07:12:58"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "atlassian:jira_software_data_center", "name": "atlassian jira software data center", "operator": "lt", "version": "8.8.0"}, {"cpeName": "atlassian:jira", "name": "atlassian jira", "operator": "lt", "version": "8.8.0"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2019-20409"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-74"], "description": "The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-09-21T14:54:54", "references": [{"idList": ["ATLASSIAN:JRASERVER-70944"], "type": "atlassian"}], "rev": 2}, "score": {"modified": "2020-09-21T14:54:54", "rev": 2, "value": 7.1, "vector": "NONE"}}, "hash": "ffdf1ffd18aabdf0bba71ccaef6c4dbdc5a7ce7a880da6d0265b622405653b54", "hashmap": [{"hash": "4b2aa28f6cd2429cf85b03518f4d65f1", "key": "cwe"}, {"hash": "fc30ef575661306ca3b94198407da92f", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "1ea403c1abcafad68ad6ba66a63cf129", "key": "published"}, {"hash": "20ef2bede4ddf2da024e8a8a4a435ab7", "key": "title"}, {"hash": "1fe6aaf8bae6091d2be9c043d12515be", "key": "cvelist"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "f653f1ed54e78cc8e46a06ff42064514", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "87ec4b03c36995bd98250a57e8cb3010", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "58f0354029a7fe6de53ba40f2d9db19c", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "54c0c8bef9ddf8f5998e8fc240aa7e1f", "key": "description"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20409", "id": "CVE-2019-20409", "lastseen": "2020-09-21T14:54:54", "modified": "2020-07-06T15:00:00", "objectVersion": "1.3", "published": "2020-06-23T06:15:00", "references": ["https://jira.atlassian.com/browse/JRASERVER-70944"], "reporter": "cve@mitre.org", "title": "CVE-2019-20409", "type": "cve", "viewCount": 13}, "differentElements": ["cpeConfiguration"], "edition": 5, "lastseen": "2020-09-21T14:54:54"}, {"bulletin": {"affectedSoftware": [{"name": "atlassian jira", "operator": "eq", "version": "7.11.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.10"}, {"name": "atlassian jira", "operator": "eq", "version": "3.11"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.10"}, {"name": "atlassian jira", "operator": "eq", "version": "2.5.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.11"}, {"name": "atlassian jira", "operator": "eq", "version": "7.4.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.7"}, {"name": "atlassian jira", "operator": "eq", "version": "7.9.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.12.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.6.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.6.5"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.6"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.9"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.9"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.7"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.4"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.7"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2.6"}, {"name": "atlassian jira", "operator": "eq", "version": "3.3.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.10"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.6"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.2.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.12.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.6"}, {"name": "atlassian jira", "operator": "eq", "version": "8.0.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.9"}, {"name": "atlassian jira", "operator": "eq", "version": "8.2.0"}, {"name": "atlassian jira", "operator": "eq", "version": "3.2.1"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.7"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.4.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.2.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.16"}, {"name": "atlassian jira", "operator": "eq", "version": "7.8.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.9"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.1"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.10"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.6"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.2.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.8"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.3.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.7.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.4.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.7"}, {"name": "atlassian jira", "operator": "eq", "version": "8.5.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.17"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.9"}, {"name": "atlassian jira", "operator": "eq", "version": "7.7.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.4.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.10.1"}, {"name": "atlassian jira", "operator": "eq", "version": "4.4"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.5.2"}, {"name": "atlassian jira", "operator": "eq", "version": "2.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.5.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.4"}, {"name": "atlassian jira", "operator": "eq", "version": "4.2.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.7"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.3.5"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.14"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.3"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0.2"}, {"name": "atlassian jira", "operator": "eq", "version": "8.3.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.6"}, {"name": "atlassian jira", "operator": "eq", "version": "7.8.0"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.6"}, {"name": "atlassian jira", "operator": "eq", "version": "8.4.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.7.0"}, {"name": "atlassian jira", "operator": "eq", "version": "4.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.10"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.6.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.7"}, {"name": "atlassian jira", "operator": "eq", "version": "4.4.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.8"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.15"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.5.1"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.4"}, {"name": "atlassian jira", "operator": "eq", "version": "8.0.22"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.5"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.8"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.6"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.4.1"}, {"name": "atlassian jira", "operator": "eq", "version": "4.3.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.11"}, {"name": "atlassian jira", "operator": "eq", "version": "3.5.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.0.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.4.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.12"}, {"name": "atlassian jira", "operator": "eq", "version": "8.1.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.13"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.9"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.5.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.15"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.0.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.5"}, {"name": "atlassian jira", "operator": "eq", "version": "7.9.3"}, {"name": "atlassian jira", "operator": "eq", "version": "4.2.1"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.5"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.12"}, {"name": "atlassian jira", "operator": "eq", "version": "7.10.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.3.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.3.4"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.2"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.8"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.1"}, {"name": "atlassian jira", "operator": "eq", "version": "8.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.7"}, {"name": "atlassian jira", "operator": "eq", "version": "8.6.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.10.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.6.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.7"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0.6"}, {"name": "atlassian jira", "operator": "eq", "version": "4.1.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.0.10"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.8.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.0"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.8"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.15"}, {"name": "atlassian jira", "operator": "eq", "version": "8.2.1"}, {"name": "atlassian jira", "operator": "eq", "version": "8.1.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.8.3"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.11"}, {"name": "atlassian jira", "operator": "eq", "version": "3.10.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.12.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.5.5"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.10.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.11.0"}, {"name": "atlassian jira", "operator": "eq", "version": "8.0.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.9"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.8"}, {"name": "atlassian jira", "operator": "eq", "version": "2.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.13"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.8"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.17"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.0"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.2"}, {"name": "atlassian jira", "operator": "eq", "version": "2.5.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.7"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.5.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.8.4"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.9"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.0.0"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.8"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.11.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.3"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.11"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.12"}, {"name": "atlassian jira", "operator": "eq", "version": "8.5.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.6"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.9.0"}, {"name": "atlassian jira", "operator": "eq", "version": "8.6.1"}, {"name": "atlassian jira", "operator": "eq", "version": "8.0.0"}, {"name": "atlassian jira", "operator": "eq", "version": "3.7"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.1.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.5.3"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4"}, {"name": "atlassian jira", "operator": "eq", "version": "3.7.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.15"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.5"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.11"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.6"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.7"}, {"name": "atlassian jira", "operator": "eq", "version": "7.5.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.13"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.4.3"}, {"name": "atlassian jira", "operator": "eq", "version": "3.6"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.5"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.13"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.11"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.1.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.10"}, {"name": "atlassian jira", "operator": "eq", "version": "7.5.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.3"}, {"name": "atlassian jira", "operator": "eq", "version": "3.13.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.3.1"}, {"name": "atlassian jira", "operator": "eq", "version": "4.0.1"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.6"}, {"name": "atlassian jira", "operator": "eq", "version": "4.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.7.3"}, {"name": "atlassian jira", "operator": "eq", "version": "8.1.1"}, {"name": "atlassian jira", "operator": "eq", "version": "8.3.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.8"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.14"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.14"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.4"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.3"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.8"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.0.5"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.11"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.7.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.7.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.10.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.2.5"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0.7"}, {"name": "atlassian jira", "operator": "eq", "version": "4.2.3"}, {"name": "atlassian jira", "operator": "eq", "version": "3.13.3"}, {"name": "atlassian jira", "operator": "eq", "version": "8.1.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.8"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.9"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.8"}, {"name": "atlassian jira", "operator": "eq", "version": "4.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.12"}, {"name": "atlassian jira", "operator": "eq", "version": "8.5.1"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.4"}, {"name": "atlassian jira", "operator": "eq", "version": "8.5.5"}, {"name": "atlassian jira", "operator": "eq", "version": "3.3.2"}, {"name": "atlassian jira", "operator": "eq", "version": "2.5.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.5.3"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.7.4"}, {"name": "atlassian jira", "operator": "eq", "version": "3.13.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.3.4"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.10"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.7"}, {"name": "atlassian jira", "operator": "eq", "version": "8.2.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.5.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.14"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.5.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.4.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.5"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.0.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.1.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.15"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.0.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.4.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.12.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.4.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.0"}, {"name": "atlassian jira", "operator": "eq", "version": "3.10"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.0"}, {"name": "atlassian jira", "operator": "eq", "version": "3.0.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.4"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.0"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6"}, {"name": "atlassian jira", "operator": "eq", "version": "3.6.2_156"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.11"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.6"}, {"name": "atlassian jira", "operator": "eq", "version": "3.4.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.5.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.8.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.12"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.4.0"}, {"name": "atlassian jira", "operator": "eq", "version": "3.7.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.7.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.1"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.8.5"}, {"name": "atlassian jira", "operator": "eq", "version": "3.9"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.9"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.7"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.3"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.6"}, {"name": "atlassian jira", "operator": "eq", "version": "3.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.10.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.1.0"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.7"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.2.6"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.5"}, {"name": "atlassian jira", "operator": "eq", "version": "2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1.4"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.13"}, {"name": "atlassian jira", "operator": "eq", "version": "-"}, {"name": "atlassian jira", "operator": "eq", "version": "2.4.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.14"}, {"name": "atlassian jira", "operator": "eq", "version": "3.6.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.7.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.10"}, {"name": "atlassian jira", "operator": "eq", "version": "8.4.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.9"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.4"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.14"}, {"name": "atlassian jira", "operator": "eq", "version": "3.13"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.12"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.5"}, {"name": "atlassian jira", "operator": "eq", "version": "8.0.4"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.5"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.14"}, {"name": "atlassian jira", "operator": "eq", "version": "8.4.3"}, {"name": "atlassian jira", "operator": "eq", "version": "3.3.3"}, {"name": "atlassian jira", "operator": "eq", "version": "4.1.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.6.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.7.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.9"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.3.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.4"}, {"name": "atlassian jira", "operator": "eq", "version": "3.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.2"}, {"name": "atlassian jira", "operator": "eq", "version": "8.0.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.12.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.0"}, {"name": "atlassian jira", "operator": "eq", "version": "3.5.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.4.4"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.13"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.13"}, {"name": "atlassian jira", "operator": "eq", "version": "3.5.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.11"}, {"name": "atlassian jira", "operator": "eq", "version": "3.6.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.10.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.5.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.0.4"}, {"name": "atlassian jira", "operator": "eq", "version": "8.7.0"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.8"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.0"}, {"name": "atlassian jira", "operator": "eq", "version": "8.2.4"}, {"name": "atlassian jira", "operator": "eq", "version": "7.1.10"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.4.5"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.7"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.12"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.0.11"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.7"}, {"name": "atlassian jira", "operator": "eq", "version": "7.9.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.11.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.13.4"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.7.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.12"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.3"}, {"name": "atlassian jira", "operator": "eq", "version": "3.9.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.7.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.4.1"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2.4"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.13"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.12.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.4.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.7.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.0.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.11"}, {"name": "atlassian jira", "operator": "eq", "version": "3.2.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.16"}, {"name": "atlassian jira", "operator": "eq", "version": "8.6.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.9"}, {"name": "atlassian jira", "operator": "eq", "version": "7.0.10_"}, {"name": "atlassian jira", "operator": "eq", "version": "8.3.1"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.8"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.6"}, {"name": "atlassian jira", "operator": "eq", "version": "8.5.4"}, {"name": "atlassian jira", "operator": "eq", "version": "4.4.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.2.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.0.9"}, {"name": "atlassian jira", "operator": "eq", "version": "3.12.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.11.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.3.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.3.6"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.3.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.4"}, {"name": "atlassian jira", "operator": "eq", "version": "8.2.6"}, {"name": "atlassian jira", "operator": "eq", "version": "8.4.0"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.8.0"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.4"}, {"name": "atlassian jira", "operator": "eq", "version": "7.8.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.5.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.5.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.3"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.10"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.4.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.12.3"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.5"}, {"name": "atlassian jira", "operator": "eq", "version": "3.0.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.12.2"}, {"name": "atlassian jira", "operator": "eq", "version": "4.0.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2.1"}, {"name": "atlassian jira", "operator": "eq", "version": "5.0.4"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2.5"}, {"name": "atlassian jira", "operator": "eq", "version": "7.9.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.1"}, {"name": "atlassian jira", "operator": "eq", "version": "3.9.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.4.3"}, {"name": "atlassian jira", "operator": "eq", "version": "8.2.5"}, {"name": "atlassian jira", "operator": "eq", "version": "3.8.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.4.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.9.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.11.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.6.12"}, {"name": "atlassian jira", "operator": "eq", "version": "8.3.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.6.9"}, {"name": "atlassian jira", "operator": "eq", "version": "5.1.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.2"}, {"name": "atlassian jira", "operator": "eq", "version": "8.5.0"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.2"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.6"}, {"name": "atlassian jira", "operator": "eq", "version": "6.3.1"}, {"name": "atlassian jira", "operator": "eq", "version": "7.4.5"}, {"name": "atlassian jira", "operator": "eq", "version": "6.0.8"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.1.2"}, {"name": "atlassian jira", "operator": "eq", "version": "3.8"}, {"name": "atlassian jira", "operator": "eq", "version": "3.4.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "8.1.2"}, {"name": "atlassian jira", "operator": "eq", "version": "6.4.10"}, {"name": "atlassian jira", "operator": "eq", "version": "8.7.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.2.6"}, {"name": "atlassian jira", "operator": "eq", "version": "7.2.14"}, {"name": "atlassian jira", "operator": "eq", "version": "7.12.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.4.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.4.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.7.3"}, {"name": "atlassian jira", "operator": "eq", "version": "7.12.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.8.4"}, {"name": "atlassian jira", "operator": "eq", "version": "6.1"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2.7"}, {"name": "atlassian jira", "operator": "eq", "version": "3.4"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.8"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.11.0"}, {"name": "atlassian jira", "operator": "eq", "version": "7.13.3"}, {"name": "atlassian jira", "operator": "eq", "version": "3.9.3"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.13.0"}, {"name": "atlassian jira", "operator": "eq", "version": "3.13.1"}, {"name": "atlassian jira", "operator": "eq", "version": "2.6"}, {"name": "atlassian jira", "operator": "eq", "version": "8.3.5"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.4.6"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.12.1"}, {"name": "atlassian jira_software_data_center", "operator": "eq", "version": "7.10.2"}, {"name": "atlassian jira", "operator": "eq", "version": "2.6.1"}, {"name": "atlassian jira", "operator": "eq", "version": "8.3.2"}, {"name": "atlassian jira", "operator": "eq", "version": "2.2.1"}, {"name": "atlassian jira", "operator": "eq", "version": "5.2.9"}, {"name": "atlassian jira", "operator": "eq", "version": "4.3.3"}, {"name": "atlassian jira", "operator": "eq", "version": "6.2.2"}, {"name": "atlassian jira", "operator": "eq", "version": "7.4.6"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:atlassian:jira_software_data_center:7.6.15", "cpe:/a:atlassian:jira:8.2.5", "cpe:/a:atlassian:jira:5.1.6", "cpe:/a:atlassian:jira:6.4.6", "cpe:/a:atlassian:jira_software_data_center:8.3.0", "cpe:/a:atlassian:jira:7.6.10", "cpe:/a:atlassian:jira:7.13.10", "cpe:/a:atlassian:jira:5.0.5", "cpe:/a:atlassian:jira:6.3", "cpe:/a:atlassian:jira:7.3.9", "cpe:/a:atlassian:jira_software_data_center:7.4.4", "cpe:/a:atlassian:jira:7.13.13", "cpe:/a:atlassian:jira:7.2.6", "cpe:/a:atlassian:jira:7.6.2", "cpe:/a:atlassian:jira:2.1", "cpe:/a:atlassian:jira:6.3.13", "cpe:/a:atlassian:jira:6.3.10", "cpe:/a:atlassian:jira:3.5", "cpe:/a:atlassian:jira:6.3.3", "cpe:/a:atlassian:jira:6.3.5", "cpe:/a:atlassian:jira:3.2.1", "cpe:/a:atlassian:jira:8.7.0", "cpe:/a:atlassian:jira_software_data_center:8.6.0", "cpe:/a:atlassian:jira_software_data_center:7.9.0", "cpe:/a:atlassian:jira:7.4.2", "cpe:/a:atlassian:jira:4.2.1", "cpe:/a:atlassian:jira_software_data_center:7.4.1", "cpe:/a:atlassian:jira:7.13.14", "cpe:/a:atlassian:jira:6.3.14", "cpe:/a:atlassian:jira:3.9.2", "cpe:/a:atlassian:jira:7.1.7", "cpe:/a:atlassian:jira_software_data_center:7.13.5", "cpe:/a:atlassian:jira:5.0.2", "cpe:/a:atlassian:jira:7.10.1", "cpe:/a:atlassian:jira_software_data_center:7.0.10", "cpe:/a:atlassian:jira:7.5.0", "cpe:/a:atlassian:jira:8.2.4", "cpe:/a:atlassian:jira_software_data_center:7.10.1", "cpe:/a:atlassian:jira:3.2.3", "cpe:/a:atlassian:jira_software_data_center:7.0.5", "cpe:/a:atlassian:jira:7.9.0", "cpe:/a:atlassian:jira:6.0.5", "cpe:/a:atlassian:jira_software_data_center:8.5.3", "cpe:/a:atlassian:jira_software_data_center:7.7.0", "cpe:/a:atlassian:jira:7.8.2", "cpe:/a:atlassian:jira:2.4.1", "cpe:/a:atlassian:jira:2.3", "cpe:/a:atlassian:jira:3.10.2", "cpe:/a:atlassian:jira_software_data_center:8.5.5", "cpe:/a:atlassian:jira:5.1.8", "cpe:/a:atlassian:jira:3.3.3", "cpe:/a:atlassian:jira:6.0.8", "cpe:/a:atlassian:jira:4.3.3", "cpe:/a:atlassian:jira:3.10.1", "cpe:/a:atlassian:jira_software_data_center:7.0.11", "cpe:/a:atlassian:jira:8.5.1", "cpe:/a:atlassian:jira:7.12.2", "cpe:/a:atlassian:jira:6.0", "cpe:/a:atlassian:jira:8.6.2", "cpe:/a:atlassian:jira:7.6.11", "cpe:/a:atlassian:jira:5.0.4", "cpe:/a:atlassian:jira_software_data_center:7.7.4", "cpe:/a:atlassian:jira:7.5.2", "cpe:/a:atlassian:jira:6.3.9", "cpe:/a:atlassian:jira:7.0.5", "cpe:/a:atlassian:jira:7.5.4", "cpe:/a:atlassian:jira_software_data_center:7.3.7", "cpe:/a:atlassian:jira:7.9.3", "cpe:/a:atlassian:jira_software_data_center:7.7.1", "cpe:/a:atlassian:jira:7.8.5", "cpe:/a:atlassian:jira:6.2.6", "cpe:/a:atlassian:jira_software_data_center:7.4.2", "cpe:/a:atlassian:jira:7.4.6", "cpe:/a:atlassian:jira:7.1.4", "cpe:/a:atlassian:jira:7.2.1", "cpe:/a:atlassian:jira:5.1.2", "cpe:/a:atlassian:jira_software_data_center:7.13.11", "cpe:/a:atlassian:jira:7.6.9", "cpe:/a:atlassian:jira:7.6", "cpe:/a:atlassian:jira:6.1", "cpe:/a:atlassian:jira:8.2.2", "cpe:/a:atlassian:jira_software_data_center:7.6.17", "cpe:/a:atlassian:jira:6.4.11", "cpe:/a:atlassian:jira_software_data_center:8.1.2", "cpe:/a:atlassian:jira:6.3.6", "cpe:/a:atlassian:jira:6.1.7", "cpe:/a:atlassian:jira:3.12.2", "cpe:/a:atlassian:jira:7.10.0", "cpe:/a:atlassian:jira:7.5.3", "cpe:/a:atlassian:jira:7.1.2", "cpe:/a:atlassian:jira:6.1.9", "cpe:/a:atlassian:jira:7.6.3", "cpe:/a:atlassian:jira_software_data_center:7.4.3", "cpe:/a:atlassian:jira:-", "cpe:/a:atlassian:jira_software_data_center:7.13.3", "cpe:/a:atlassian:jira:4.2.3", "cpe:/a:atlassian:jira:3.7.3", "cpe:/a:atlassian:jira:8.1.0", "cpe:/a:atlassian:jira:7.6.16", "cpe:/a:atlassian:jira:7.2.2", "cpe:/a:atlassian:jira_software_data_center:8.4.2", "cpe:/a:atlassian:jira:8.1.3", "cpe:/a:atlassian:jira_software_data_center:7.6.3", "cpe:/a:atlassian:jira:6.4.9", "cpe:/a:atlassian:jira:2.2", "cpe:/a:atlassian:jira_software_data_center:7.6.10", "cpe:/a:atlassian:jira:7.2.8", "cpe:/a:atlassian:jira:7.4.0", "cpe:/a:atlassian:jira:7.2.14", "cpe:/a:atlassian:jira_software_data_center:8.0.2", "cpe:/a:atlassian:jira:3.12.3", "cpe:/a:atlassian:jira:7.0.0", "cpe:/a:atlassian:jira:7.6.7", "cpe:/a:atlassian:jira:8.3.1", "cpe:/a:atlassian:jira:2.5.1", "cpe:/a:atlassian:jira:3.6.2_156", "cpe:/a:atlassian:jira:7.1.1", "cpe:/a:atlassian:jira_software_data_center:7.1.8", "cpe:/a:atlassian:jira:6.2.5", "cpe:/a:atlassian:jira_software_data_center:8.5.1", "cpe:/a:atlassian:jira:7.3.3", "cpe:/a:atlassian:jira_software_data_center:8.4.1", "cpe:/a:atlassian:jira_software_data_center:7.5.0", "cpe:/a:atlassian:jira:8.2.3", "cpe:/a:atlassian:jira:7.11.2", "cpe:/a:atlassian:jira_software_data_center:7.6.0", "cpe:/a:atlassian:jira:4.2.2", "cpe:/a:atlassian:jira:6.1.2", "cpe:/a:atlassian:jira_software_data_center:8.7.1", "cpe:/a:atlassian:jira:6.1.5", "cpe:/a:atlassian:jira:3.13.3", "cpe:/a:atlassian:jira:3.5.3", "cpe:/a:atlassian:jira:8.4.2", "cpe:/a:atlassian:jira:6.2.1", "cpe:/a:atlassian:jira:5.2.8", "cpe:/a:atlassian:jira:6.0.1", "cpe:/a:atlassian:jira:6.1.6", "cpe:/a:atlassian:jira_software_data_center:7.3.2", "cpe:/a:atlassian:jira:7.1.6", "cpe:/a:atlassian:jira_software_data_center:7.2.15", "cpe:/a:atlassian:jira:7.0.2", "cpe:/a:atlassian:jira:3.13.5", "cpe:/a:atlassian:jira:7.2.7", "cpe:/a:atlassian:jira:5.2", "cpe:/a:atlassian:jira:7.3.5", "cpe:/a:atlassian:jira_software_data_center:7.3.6", "cpe:/a:atlassian:jira:3.13", "cpe:/a:atlassian:jira:8.5.4", "cpe:/a:atlassian:jira:6.0.7", "cpe:/a:atlassian:jira:7.13.4", "cpe:/a:atlassian:jira:5.1.4", "cpe:/a:atlassian:jira:4.3", "cpe:/a:atlassian:jira:7.3.2", "cpe:/a:atlassian:jira:7.2.0", "cpe:/a:atlassian:jira_software_data_center:7.13.2", "cpe:/a:atlassian:jira:7.4.3", "cpe:/a:atlassian:jira:3.7.4", "cpe:/a:atlassian:jira:7.12.0", "cpe:/a:atlassian:jira:6.4", "cpe:/a:atlassian:jira:6.4.13", "cpe:/a:atlassian:jira:8.1.1", "cpe:/a:atlassian:jira:8.3.5", "cpe:/a:atlassian:jira:3.8", "cpe:/a:atlassian:jira:4.4.5", "cpe:/a:atlassian:jira:7.1.0", "cpe:/a:atlassian:jira:8.2.1", "cpe:/a:atlassian:jira:4.2.4", "cpe:/a:atlassian:jira:7.2.15", "cpe:/a:atlassian:jira_software_data_center:8.3.2", "cpe:/a:atlassian:jira:3.0.3", "cpe:/a:atlassian:jira:7.7.2", "cpe:/a:atlassian:jira:5.2.10", "cpe:/a:atlassian:jira_software_data_center:7.1.7", "cpe:/a:atlassian:jira:7.3.7", "cpe:/a:atlassian:jira_software_data_center:7.6.6", "cpe:/a:atlassian:jira:4.4", "cpe:/a:atlassian:jira:6.2.7", "cpe:/a:atlassian:jira:7.6.15", "cpe:/a:atlassian:jira_software_data_center:7.5.1", "cpe:/a:atlassian:jira:3.6.4", "cpe:/a:atlassian:jira:4.1", "cpe:/a:atlassian:jira_software_data_center:8.1.1", "cpe:/a:atlassian:jira_software_data_center:8.6.1", "cpe:/a:atlassian:jira_software_data_center:7.1.2", "cpe:/a:atlassian:jira_software_data_center:7.12.3", "cpe:/a:atlassian:jira_software_data_center:7.13.9", "cpe:/a:atlassian:jira:8.3.3", "cpe:/a:atlassian:jira:4.3.1", "cpe:/a:atlassian:jira:3.12", "cpe:/a:atlassian:jira:3.9.3", "cpe:/a:atlassian:jira_software_data_center:8.2.5", "cpe:/a:atlassian:jira:2.6.1", "cpe:/a:atlassian:jira:8.0.1", "cpe:/a:atlassian:jira:8.3.4", "cpe:/a:atlassian:jira:7.3.8", "cpe:/a:atlassian:jira:7.3.0", "cpe:/a:atlassian:jira_software_data_center:7.13.0", "cpe:/a:atlassian:jira:7.7.1", "cpe:/a:atlassian:jira:4.0.1", "cpe:/a:atlassian:jira:5.2.5", "cpe:/a:atlassian:jira:7.13.11", "cpe:/a:atlassian:jira:5.1.7", "cpe:/a:atlassian:jira_software_data_center:8.5.2", "cpe:/a:atlassian:jira:3.6.5", "cpe:/a:atlassian:jira:7.2.9", "cpe:/a:atlassian:jira:7.8.0", "cpe:/a:atlassian:jira_software_data_center:8.0.3", "cpe:/a:atlassian:jira:2.5.2", "cpe:/a:atlassian:jira:8.5.0", "cpe:/a:atlassian:jira_software_data_center:7.12.0", "cpe:/a:atlassian:jira:6.4.10", "cpe:/a:atlassian:jira:8.0.4", "cpe:/a:atlassian:jira_software_data_center:8.4.3", "cpe:/a:atlassian:jira_software_data_center:8.3.1", "cpe:/a:atlassian:jira_software_data_center:8.3.3", "cpe:/a:atlassian:jira:8.6.1", "cpe:/a:atlassian:jira:6.4.2", "cpe:/a:atlassian:jira_software_data_center:8.2.6", "cpe:/a:atlassian:jira_software_data_center:7.1.4", "cpe:/a:atlassian:jira:8.2.0", "cpe:/a:atlassian:jira_software_data_center:7.5.3", "cpe:/a:atlassian:jira_software_data_center:7.11.0", "cpe:/a:atlassian:jira:6.2.4", "cpe:/a:atlassian:jira_software_data_center:7.0.4", "cpe:/a:atlassian:jira:6.4.5", "cpe:/a:atlassian:jira:3.13.2", "cpe:/a:atlassian:jira_software_data_center:7.2.7", "cpe:/a:atlassian:jira:4.2", "cpe:/a:atlassian:jira:6.4.4", "cpe:/a:atlassian:jira:7.0.11", "cpe:/a:atlassian:jira:3.13.1", "cpe:/a:atlassian:jira:7.2.10", "cpe:/a:atlassian:jira:3.3", "cpe:/a:atlassian:jira_software_data_center:8.3.4", "cpe:/a:atlassian:jira_software_data_center:7.13.13", "cpe:/a:atlassian:jira:8.0.3", "cpe:/a:atlassian:jira:6.3.7", "cpe:/a:atlassian:jira:3.8.1", "cpe:/a:atlassian:jira:6.4.12", "cpe:/a:atlassian:jira:7.6.4", "cpe:/a:atlassian:jira:7.12.3", "cpe:/a:atlassian:jira:8.5.5", "cpe:/a:atlassian:jira:6.3.11", "cpe:/a:atlassian:jira:4.3.4", "cpe:/a:atlassian:jira:7.3.4", "cpe:/a:atlassian:jira:3.4", "cpe:/a:atlassian:jira:3.2.2", "cpe:/a:atlassian:jira_software_data_center:7.7.2", "cpe:/a:atlassian:jira:6.3.8", "cpe:/a:atlassian:jira_software_data_center:8.0.0", "cpe:/a:atlassian:jira:3.5.2", "cpe:/a:atlassian:jira_software_data_center:7.2.3", "cpe:/a:atlassian:jira:3.6.2", "cpe:/a:atlassian:jira_software_data_center:7.4.6", "cpe:/a:atlassian:jira:5.0", "cpe:/a:atlassian:jira:3.12.1", "cpe:/a:atlassian:jira_software_data_center:8.1.0", "cpe:/a:atlassian:jira:8.4.0", "cpe:/a:atlassian:jira:3.0", "cpe:/a:atlassian:jira:7.2.11", "cpe:/a:atlassian:jira_software_data_center:7.1.0", "cpe:/a:atlassian:jira:5.0.1", "cpe:/a:atlassian:jira:7.11.0", "cpe:/a:atlassian:jira:6.4.3", "cpe:/a:atlassian:jira:2.5.3", "cpe:/a:atlassian:jira_software_data_center:8.5.0", "cpe:/a:atlassian:jira:5.2.9", "cpe:/a:atlassian:jira_software_data_center:8.1.3", "cpe:/a:atlassian:jira:8.1.2", "cpe:/a:atlassian:jira:7.6.8", "cpe:/a:atlassian:jira:6.1.1", "cpe:/a:atlassian:jira:6.2.3", "cpe:/a:atlassian:jira_software_data_center:7.2.10", "cpe:/a:atlassian:jira:7.0.9", "cpe:/a:atlassian:jira:7.0.10_", "cpe:/a:atlassian:jira:3.1.1", "cpe:/a:atlassian:jira:3.6.3", "cpe:/a:atlassian:jira:8.4.1", "cpe:/a:atlassian:jira:8.0.22", "cpe:/a:atlassian:jira_software_data_center:8.4.0", "cpe:/a:atlassian:jira:7.8.1", "cpe:/a:atlassian:jira:6.1.4", "cpe:/a:atlassian:jira_software_data_center:7.2.14", "cpe:/a:atlassian:jira:3.11", "cpe:/a:atlassian:jira:6.4.7", "cpe:/a:atlassian:jira_software_data_center:7.8.4", "cpe:/a:atlassian:jira:3.7.2", "cpe:/a:atlassian:jira_software_data_center:7.12.2", "cpe:/a:atlassian:jira_software_data_center:8.7.0", "cpe:/a:atlassian:jira:6.0.3", "cpe:/a:atlassian:jira_software_data_center:7.2.1", "cpe:/a:atlassian:jira:3.9", "cpe:/a:atlassian:jira_software_data_center:7.13.6", "cpe:/a:atlassian:jira_software_data_center:7.5.4", "cpe:/a:atlassian:jira:3.3.1", "cpe:/a:atlassian:jira:7.7.3", "cpe:/a:atlassian:jira:2.6", "cpe:/a:atlassian:jira_software_data_center:7.6.1", "cpe:/a:atlassian:jira:8.2.6", "cpe:/a:atlassian:jira_software_data_center:7.1.10", "cpe:/a:atlassian:jira_software_data_center:7.13.12", "cpe:/a:atlassian:jira:7.1.10", "cpe:/a:atlassian:jira:5.1", "cpe:/a:atlassian:jira_software_data_center:7.2.2", "cpe:/a:atlassian:jira_software_data_center:7.9.2", "cpe:/a:atlassian:jira:3.0.1", "cpe:/a:atlassian:jira_software_data_center:7.11.2", "cpe:/a:atlassian:jira:7.13.8", "cpe:/a:atlassian:jira:3.4.1", "cpe:/a:atlassian:jira:3.1", "cpe:/a:atlassian:jira:3.0.2", "cpe:/a:atlassian:jira_software_data_center:7.13.4", "cpe:/a:atlassian:jira:8.3.0", "cpe:/a:atlassian:jira_software_data_center:7.2.13", "cpe:/a:atlassian:jira_software_data_center:7.2.6", "cpe:/a:atlassian:jira:7.6.1", "cpe:/a:atlassian:jira:8.5.2", "cpe:/a:atlassian:jira_software_data_center:7.3.5", "cpe:/a:atlassian:jira:5.0.6", "cpe:/a:atlassian:jira:6.3.15", "cpe:/a:atlassian:jira:6.0.6", "cpe:/a:atlassian:jira_software_data_center:7.4.5", "cpe:/a:atlassian:jira:5.2.6", "cpe:/a:atlassian:jira:7.10.2", "cpe:/a:atlassian:jira_software_data_center:7.1.6", "cpe:/a:atlassian:jira:3.3.2", "cpe:/a:atlassian:jira_software_data_center:7.8.0", "cpe:/a:atlassian:jira:3.7", "cpe:/a:atlassian:jira:7.10.3", "cpe:/a:atlassian:jira:8.3.2", "cpe:/a:atlassian:jira:5.2.4.1", "cpe:/a:atlassian:jira:7.1.8", "cpe:/a:atlassian:jira:5.1.5", "cpe:/a:atlassian:jira:7.7.0", "cpe:/a:atlassian:jira:6.3.1", "cpe:/a:atlassian:jira_software_data_center:7.6.13", "cpe:/a:atlassian:jira_software_data_center:7.13.14", "cpe:/a:atlassian:jira:7.8.4", "cpe:/a:atlassian:jira_software_data_center:7.10.2", "cpe:/a:atlassian:jira:7.7.4", "cpe:/a:atlassian:jira:3.13.4", "cpe:/a:atlassian:jira:5.2.11", "cpe:/a:atlassian:jira:7.6.12", "cpe:/a:atlassian:jira_software_data_center:7.2.8", "cpe:/a:atlassian:jira:6.4.14", "cpe:/a:atlassian:jira:7.2.3", "cpe:/a:atlassian:jira:7.7.5", "cpe:/a:atlassian:jira_software_data_center:7.8.1", "cpe:/a:atlassian:jira:3.7.1", "cpe:/a:atlassian:jira_software_data_center:7.0.2", "cpe:/a:atlassian:jira:5.0.7", "cpe:/a:atlassian:jira:6.4.1", "cpe:/a:atlassian:jira:7.2.12", "cpe:/a:atlassian:jira:7.13.0", "cpe:/a:atlassian:jira_software_data_center:7.4.0", "cpe:/a:atlassian:jira:8.4.3", "cpe:/a:atlassian:jira:3.6", "cpe:/a:atlassian:jira:7.9.2", "cpe:/a:atlassian:jira_software_data_center:7.1.1", "cpe:/a:atlassian:jira_software_data_center:7.3.4", "cpe:/a:atlassian:jira_software_data_center:7.2.11", "cpe:/a:atlassian:jira:3.4.3", "cpe:/a:atlassian:jira:6.0.2", "cpe:/a:atlassian:jira:5.2.3", "cpe:/a:atlassian:jira:6.1.3", "cpe:/a:atlassian:jira:7.13.7", "cpe:/a:atlassian:jira_software_data_center:7.13.1", "cpe:/a:atlassian:jira:7.8.3", "cpe:/a:atlassian:jira:6.1.8", "cpe:/a:atlassian:jira_software_data_center:7.5.2", "cpe:/a:atlassian:jira:4.3.2", "cpe:/a:atlassian:jira_software_data_center:7.2.4", "cpe:/a:atlassian:jira:6.2.2", "cpe:/a:atlassian:jira:7.4.1", "cpe:/a:atlassian:jira:7.1.9", "cpe:/a:atlassian:jira_software_data_center:7.6.11", "cpe:/a:atlassian:jira_software_data_center:7.6.16", "cpe:/a:atlassian:jira:2.2.1", "cpe:/a:atlassian:jira:7.7", "cpe:/a:atlassian:jira_software_data_center:7.10.0", "cpe:/a:atlassian:jira:8.6.0", "cpe:/a:atlassian:jira:7.13.5", "cpe:/a:atlassian:jira_software_data_center:7.2.0", "cpe:/a:atlassian:jira:4.1.1", "cpe:/a:atlassian:jira:7.5.1", "cpe:/a:atlassian:jira_software_data_center:7.2.9", "cpe:/a:atlassian:jira_software_data_center:8.2.4", "cpe:/a:atlassian:jira_software_data_center:7.3.3", "cpe:/a:atlassian:jira_software_data_center:7.12.1", "cpe:/a:atlassian:jira:7.0.3", "cpe:/a:atlassian:jira_software_data_center:7.3.9", "cpe:/a:atlassian:jira_software_data_center:7.3.8", "cpe:/a:atlassian:jira:4.1.2", "cpe:/a:atlassian:jira:4.4.1", "cpe:/a:atlassian:jira_software_data_center:7.6.12", "cpe:/a:atlassian:jira:7.9.1", "cpe:/a:atlassian:jira:5.1.3", "cpe:/a:atlassian:jira_software_data_center:8.2.2", "cpe:/a:atlassian:jira:7.2.4", "cpe:/a:atlassian:jira_software_data_center:7.3.0", "cpe:/a:atlassian:jira:7.3.1", "cpe:/a:atlassian:jira:7.4.5", "cpe:/a:atlassian:jira:3.10", "cpe:/a:atlassian:jira_software_data_center:8.2.1", "cpe:/a:atlassian:jira_software_data_center:7.6.14", "cpe:/a:atlassian:jira:7.2.5", "cpe:/a:atlassian:jira_software_data_center:8.3.5", "cpe:/a:atlassian:jira:8.5.3", "cpe:/a:atlassian:jira:3.4.2", "cpe:/a:atlassian:jira:4.4.4", "cpe:/a:atlassian:jira_software_data_center:7.3.1", "cpe:/a:atlassian:jira:8.7.1", "cpe:/a:atlassian:jira:7.13.2", "cpe:/a:atlassian:jira_software_data_center:7.6.9", "cpe:/a:atlassian:jira:7.11.1", "cpe:/a:atlassian:jira:3.9.1", "cpe:/a:atlassian:jira:7.2.13", "cpe:/a:atlassian:jira_software_data_center:8.2.3", "cpe:/a:atlassian:jira:3.6.1", "cpe:/a:atlassian:jira:4.4.2", "cpe:/a:atlassian:jira:6.4.8", "cpe:/a:atlassian:jira:7.6.5", "cpe:/a:atlassian:jira:7.13.6", "cpe:/a:atlassian:jira_software_data_center:7.0.9", "cpe:/a:atlassian:jira_software_data_center:7.6.7", "cpe:/a:atlassian:jira_software_data_center:7.13.8", "cpe:/a:atlassian:jira:7.3.6", "cpe:/a:atlassian:jira:7.6.13", "cpe:/a:atlassian:jira:6.2", "cpe:/a:atlassian:jira_software_data_center:7.2.12", "cpe:/a:atlassian:jira:7.6.14", "cpe:/a:atlassian:jira:5.0.3", "cpe:/a:atlassian:jira_software_data_center:7.8.2", "cpe:/a:atlassian:jira:4.0.2", "cpe:/a:atlassian:jira:6.3.4", "cpe:/a:atlassian:jira:8.0.0", "cpe:/a:atlassian:jira_software_data_center:7.0.0", "cpe:/a:atlassian:jira:7.12.1", "cpe:/a:atlassian:jira:3.5.1", "cpe:/a:atlassian:jira:7.12.4", "cpe:/a:atlassian:jira:7.0.10", "cpe:/a:atlassian:jira:6.3.12", "cpe:/a:atlassian:jira:7.13.9", "cpe:/a:atlassian:jira:7.4.4", "cpe:/a:atlassian:jira:5.2.7", "cpe:/a:atlassian:jira_software_data_center:7.1.9", "cpe:/a:atlassian:jira:5.2.2", "cpe:/a:atlassian:jira:5.2.1", "cpe:/a:atlassian:jira:7.0.4", "cpe:/a:atlassian:jira_software_data_center:8.5.4", "cpe:/a:atlassian:jira_software_data_center:7.6.2", "cpe:/a:atlassian:jira_software_data_center:7.6.8", "cpe:/a:atlassian:jira:7.6.0", "cpe:/a:atlassian:jira:7.6.17", "cpe:/a:atlassian:jira:4.0", "cpe:/a:atlassian:jira:5.2.4", "cpe:/a:atlassian:jira:7.13.1", "cpe:/a:atlassian:jira:7.11.3", "cpe:/a:atlassian:jira:5.1.1", "cpe:/a:atlassian:jira:8.0.2", "cpe:/a:atlassian:jira:3.2", "cpe:/a:atlassian:jira_software_data_center:8.2.0", "cpe:/a:atlassian:jira:7.6.6", "cpe:/a:atlassian:jira:7.13.12", "cpe:/a:atlassian:jira:7.13.3", "cpe:/a:atlassian:jira:4.4.3", "cpe:/a:atlassian:jira_software_data_center:7.6.4", "cpe:/a:atlassian:jira_software_data_center:7.11.1", "cpe:/a:atlassian:jira:6.0.4"], "cpe23": [], "cvelist": ["CVE-2019-20409"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-74"], "description": "The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-07-08T12:27:48", "references": [{"idList": ["ATLASSIAN:JRASERVER-70944"], "type": "atlassian"}], "rev": 2}, "score": {"modified": "2020-07-08T12:27:48", "rev": 2, "value": 7.1, "vector": "NONE"}}, "hash": "561f4adec20ad54a517732d63ebf1a82e51fbf72c6fec20c8371f6de8bd823cc", "hashmap": [{"hash": "4b2aa28f6cd2429cf85b03518f4d65f1", "key": "cwe"}, {"hash": "fc30ef575661306ca3b94198407da92f", "key": "href"}, {"hash": "31de186178df28204b8a46ed9d00dde0", "key": "cpe"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "1ea403c1abcafad68ad6ba66a63cf129", "key": "published"}, {"hash": "20ef2bede4ddf2da024e8a8a4a435ab7", "key": "title"}, {"hash": "1fe6aaf8bae6091d2be9c043d12515be", "key": "cvelist"}, {"hash": "f653f1ed54e78cc8e46a06ff42064514", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "58f0354029a7fe6de53ba40f2d9db19c", "key": "references"}, {"hash": "54c0c8bef9ddf8f5998e8fc240aa7e1f", "key": "description"}, {"hash": "dfbfac1af6316ff0d3a08da1ab8d0d95", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20409", "id": "CVE-2019-20409", "lastseen": "2020-07-08T12:27:48", "modified": "2020-07-06T15:00:00", "objectVersion": "1.3", "published": "2020-06-23T06:15:00", "references": ["https://jira.atlassian.com/browse/JRASERVER-70944"], "reporter": "cve@mitre.org", "title": "CVE-2019-20409", "type": "cve", "viewCount": 11}, "differentElements": ["cpe", "affectedSoftware"], "edition": 3, "lastseen": "2020-07-08T12:27:48"}], "edition": 10, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "87ec4b03c36995bd98250a57e8cb3010"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "930eaa0ae47bfd74d86a44507582916e"}, {"key": "cvelist", "hash": "1fe6aaf8bae6091d2be9c043d12515be"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "4b2aa28f6cd2429cf85b03518f4d65f1"}, {"key": "description", "hash": "54c0c8bef9ddf8f5998e8fc240aa7e1f"}, {"key": "extraReferences", "hash": "04c75f51ead2c7eb89761c65297e440a"}, {"key": "href", "hash": "fc30ef575661306ca3b94198407da92f"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "f653f1ed54e78cc8e46a06ff42064514"}, {"key": "published", "hash": "1ea403c1abcafad68ad6ba66a63cf129"}, {"key": "references", "hash": "58f0354029a7fe6de53ba40f2d9db19c"}, {"key": "reporter", "hash": "d8af6840348f568958e905fde71557f1"}, {"key": "title", "hash": "20ef2bede4ddf2da024e8a8a4a435ab7"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "35dc117f708c2944fe3801fca3d4a00f5884a20824cf5d4f460aff7f18e3d8e1", "viewCount": 22, "enchantments": {"dependencies": {"references": [{"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-70940", "ATLASSIAN:JRASERVER-70944"]}], "modified": "2021-04-23T00:45:22", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-04-23T00:45:22", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "atlassian:jira_software_data_center", "name": "atlassian jira software data center", "operator": "lt", "version": "8.8.0"}, {"cpeName": "atlassian:jira", "name": "atlassian jira", "operator": "lt", "version": "8.8.0"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-74"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:atlassian:jira_software_data_center:8.8.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.8.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:atlassian:jira:8.8.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.8.0", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://jira.atlassian.com/browse/JRASERVER-70944", "refsource": "MISC", "tags": ["Vendor Advisory", "Issue Tracking"], "url": "https://jira.atlassian.com/browse/JRASERVER-70944"}], "immutableFields": []}, {"bulletinFamily": "NVD", "hash": "6a0ace8cdb63863b470e6561269f441d83851201520bc6a55e7930a925c15e3a", "id": "CVE-2014-2595", "lastseen": "2021-04-22T23:44:08", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "cvelist": ["CVE-2014-2595"], "viewCount": 73, "modified": "2020-02-20T15:55:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "edition": 8, "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-13T14:29:47", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-13T14:29:47", "value": 6.9, "vector": "NONE"}}, "hash": "0d148bb322c927927cf5c8adaba4daf0d811bf2bee4917f93ca62ca2f942333e", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23075837e6c728c8f0077b2ae5d5ee7f", "key": "modified"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-13T14:29:47", "modified": "2020-02-12T13:07:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["cpe23", "cvss", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-13T14:29:47"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-02-12T14:27:29", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-12T14:27:29", "value": 6.9, "vector": "NONE"}}, "hash": "6ccf8f84237981876cda9914b348e4e11c8972875cdf630f59422732f1ea69ba", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-12T14:27:29", "modified": "2020-02-12T01:15:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["modified"], "edition": 2, "lastseen": "2020-02-12T14:27:29"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-10-03T12:01:15", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-10-03T12:01:15", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [], "hash": "65fabd8c3b92ccbba797b3dfba517234b9e0e8bc2464531f2cd64047dd457870", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-10-03T12:01:15", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 56}, "differentElements": ["extraReferences"], "edition": 6, "lastseen": "2020-10-03T12:01:15"}, {"bulletin": {"affectedSoftware": [{"name": "barracuda web_application_firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-02-21T13:06:26", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-02-21T13:06:26", "rev": 2, "value": 6.9, "vector": "NONE"}}, "hash": "4423bdd8d6936961112ee89e752cf7c866f443470052f4a4ac3529b4be6ae18f", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}, {"hash": "ee2d931efb4c4fa7a1a321df76c0b838", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-21T13:06:26", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 47}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 4, "lastseen": "2020-02-21T13:06:26"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "enchantments": {"dependencies": {"modified": "2021-02-02T06:14:28", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2021-02-02T06:14:28", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "hash": "d6e72c33ebf3accfe25046812d0b1e7698f2d37c9159defa7c7bda26e2ab359b", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "073d5951cb97bd54baf9ef00e5950ef4", "key": "extraReferences"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "immutableFields": [], "lastseen": "2021-02-02T06:14:28", "modified": "2020-02-20T15:55:00", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 60}, "different_elements": ["cpeConfiguration"], "edition": 7, "lastseen": "2021-02-02T06:14:28"}], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13887", "SECURITYVULNS:DOC:31004"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127740"]}, {"type": "exploitdb", "idList": ["EDB-ID:39278"]}], "modified": "2021-04-22T23:44:08", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-04-22T23:44:08", "rev": 2}}, "type": "cve", "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a97b191a26cb922c0b82d26c5f04f4db"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "832b9c21b4589969549f63eb0724398c"}, {"key": "cpe23", "hash": "405ecfc0fb244283a2773863614145bf"}, {"key": "cpeConfiguration", "hash": "238f536d7ccbcb60d24ab76ed2548b8b"}, {"key": "cvelist", "hash": "afd8c4a8002c25596504fc1efc107886"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "86870277fcb3e3e121fe9e4f1f7c2b51"}, {"key": "description", "hash": "584cd9e6927eaaa814c6545414f09911"}, {"key": "extraReferences", "hash": "073d5951cb97bd54baf9ef00e5950ef4"}, {"key": "href", "hash": "756bd44ad36e62b951b7a08611cbd3f5"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "92ee34fefd5301ff6ccb77b813c8d4f8"}, {"key": "published", "hash": "6c607768196e3786ab17cb3a6e516cad"}, {"key": "references", "hash": "cf46dbeffc0c7dc51130bcd388b4459a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "bc7f8fc71017e1124d57947313af5643"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "scheme": null, "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cwe": ["CWE-613"], "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "immutableFields": []}, {"id": "CVE-2008-7273", "bulletinFamily": "NVD", "title": "CVE-2008-7273", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "published": "2019-11-18T22:15:00", "modified": "2019-11-20T15:56:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "cvelist": ["CVE-2008-7273"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedSoftware": [{"name": "getfiregpg iceweasel-firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:iceweasel-firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-12-18T13:57:06", "references": [], "rev": 2}, "score": {"modified": "2019-12-18T13:57:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "d61e8c253c1f5d35ed5977532afcfe58d323a03057be4323e8c19bd7bed39d26", "hashmap": [{"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "3e1e24cf5fed13b85f5534cb239a1044", "key": "cpe"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4464888dd8ea79b7344278e86594f061", "key": "affectedSoftware"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2019-12-18T13:57:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2019-12-18T13:57:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "557fd4cb813bf4897b5fdca93f953d2fe22dd9fed46f9a924ed2d03719983a4f", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-09-21T13:59:22", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "enchantments": {"dependencies": {"modified": "2020-12-09T19:28:28", "references": [], "rev": 2}, "score": {"modified": "2020-12-09T19:28:28", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [], "hash": "3f2537e658f4240fe6f7df8e451ce685d2ca8ba79fbda529c1842e690c507e37", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-12-09T19:28:28", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 76}, "differentElements": ["extraReferences"], "edition": 7, "lastseen": "2020-12-09T19:28:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-10-03T11:51:06", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T11:51:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "3f49259ae0555553bcbf3433a53f5984d6de287f6d865e78b449bda3b88b8ea7", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-10-03T11:51:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 72}, "differentElements": ["affectedSoftware"], "edition": 5, "lastseen": "2020-10-03T11:51:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "hash": "5b731cb69531a1a4f440c98e6086aef32b59d25a21b3e795f6d21cdd0acb5966", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "85fdbb6779c8f53457b03e4617cac1fd", "key": "extraReferences"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2019-11-20T15:56:00", "objectVersion": "1.5", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 78}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "2323c5f10ea99bff6a3fd88adbf7723c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "b37293c28011cded7e6cea212cc908fa"}, {"key": "cvelist", "hash": "9c6958cd5dd022a438c0a93346bb7717"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "cvss2", "hash": "a6adb76bd2d2e833d4aee455da4b36c3"}, {"key": "cvss3", "hash": "beb519effad5780952ea4ce1697a49ad"}, {"key": "cwe", "hash": "c92f044c94e4360fec268c45081f3bc6"}, {"key": "description", "hash": "f427291f843f1948956af8f0777cb86f"}, {"key": "extraReferences", "hash": "85fdbb6779c8f53457b03e4617cac1fd"}, {"key": "href", "hash": "b066b40875680d07f9f9912048360029"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "368a4092894f1320c5eb8d6f1746c872"}, {"key": "published", "hash": "d1c394bb6e6939e65900ac8652bcb35f"}, {"key": "references", "hash": "d613e2c86955266b0d3e0b9be74eae16"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5a3d95049ed4485340188fd46566963d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d695debc34a1657f10acd9dd2989cff4ec01e7bd03c81d546ca7db279f9ade48", "viewCount": 85, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 1.2, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-59"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "immutableFields": []}, {"id": "CVE-2008-7272", "bulletinFamily": "NVD", "title": "CVE-2008-7272", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "published": "2019-11-08T00:15:00", "modified": "2020-02-10T21:16:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "cvelist": ["CVE-2008-7272"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "f6701a04d3477e440e72324b648d7646a2f9466e07e83e341707bb314aec84a0", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-09-21T13:59:22", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-11T14:25:16", "references": [], "rev": 2}, "score": {"modified": "2020-02-11T14:25:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "a5439a88032d0d96d6b3b175c5bb2652a08a5ac9dd8565abd675e989e312c52e", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-02-11T14:25:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-11T14:25:16"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user?s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users?s private key.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-11-15T19:55:37", "references": []}, "score": {"modified": "2019-11-15T19:55:37", "value": 2.4, "vector": "NONE"}}, "hash": "05a389bab8cb239109f07a53e4f0a9c76cc24d31548b23dfad15c1385b48f5a5", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "b0552313c96be75e9ec1c10adb56b096", "key": "modified"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "240c2c1dd6f5cc5cbeb07774547c6c2b", "key": "description"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2019-11-15T19:55:37", "modified": "2019-11-14T14:28:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 2}, "differentElements": ["description", "modified"], "edition": 2, "lastseen": "2019-11-15T19:55:37"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 2.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "hash": "feff88852d5f44ef4f736cb629de97022a0e3f23b99e0deec3d9ee5daaa7d8df", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "4847e3110691b6a6a4c7664c0f127f70", "key": "extraReferences"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2020-02-10T21:16:00", "objectVersion": "1.5", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 19}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-11-29T22:56:16", "references": [], "rev": 2}, "score": {"modified": "2020-11-29T22:56:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "20ae55db346f6babbeac989b07a5b26e855e45e42cfda6773d64bbcb84e4ef79", "hashmap": [{"hash": "d647e62c83e294ffd6f56a7c761beece", "key": "affectedSoftware"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-11-29T22:56:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 15}, "differentElements": ["affectedSoftware"], "edition": 6, "lastseen": "2020-11-29T22:56:16"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a0acab3127efc281e78e28b6a414532c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "77e03828e2d6f83f8fa932acfe8daff3"}, {"key": "cvelist", "hash": "767e67f900c3effb5b550959d21fb12e"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "9bc143c7676b7e5a3fd9537d7507310b"}, {"key": "cvss3", "hash": "cd391b15e7a01ae2bbfcca256d89bfb8"}, {"key": "cwe", "hash": "92c16862fafe4d9eb26185434339836e"}, {"key": "description", "hash": "95669953499c0eb40b242611dfbe75d4"}, {"key": "extraReferences", "hash": "4847e3110691b6a6a4c7664c0f127f70"}, {"key": "href", "hash": "9258b012e591cc93a7c6b0cd1b5c6b05"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "3c75b36a7f1966a251dbe6148b866f97"}, {"key": "published", "hash": "1162e82aa1c980ee7ebee4af4c99369c"}, {"key": "references", "hash": "54b0c94164bf625d039c58f14cd4c116"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5db042f8057f3f288fe9cd4213121eb2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f34f5d089606f7d870ccc28642bf61f774619d905673726848fc15f3a6590575", "viewCount": 25, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-312"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "immutableFields": []}, {"id": "CVE-2015-9286", "bulletinFamily": "NVD", "title": "CVE-2015-9286", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "published": "2019-04-30T14:29:00", "modified": "2019-05-01T14:22:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "reporter": "cve@mitre.org", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "cvelist": ["CVE-2015-9286"], "type": "cve", "lastseen": "2021-04-22T23:51:50", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:21:32", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2021-02-02T06:21:32", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "hash": "e0413d958386f6534538918bca2249dcc4f383174e07b3bfd828fd87bab2fae7", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "db8254901fea804d4d910fc508c1be32", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "immutableFields": [], "lastseen": "2021-02-02T06:21:32", "modified": "2019-05-01T14:22:00", "objectVersion": "1.5", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 10}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:21:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:09:33", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-09-21T14:09:33", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "e856f7b9491cefcc50723678fc0433f12f7c6ae1abe16d206957fd00f74aa6e1", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-09-21T14:09:33", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 4}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:09:33"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T20:03:10", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-12-09T20:03:10", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [], "hash": "48b94d9acf0e692c61f3d939f819f0ddba91180b8a5c7286e7edbacc4207d0ed", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-12-09T20:03:10", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 6}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T20:03:10"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-30T00:13:43", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-11-30T00:13:43", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "6fe52c24d63e23f00822e673ee4063d867fb4719b46c47ea85a6bfe1400fe129", "hashmap": [{"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "71d5df73a226d76c990527e0ca95c8d8", "key": "affectedSoftware"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-11-30T00:13:43", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-30T00:13:43"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T12:49:59", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-10-03T12:49:59", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "a933ff7201764471adcb8ac53cabee44c82a081f537a97f7fcd01cbed62795ec", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-10-03T12:49:59", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T12:49:59"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "cabb6b89504f33d4cae5fb66665d6372"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "f9e1afb4d3a36011638be68c9582e6b5"}, {"key": "cvelist", "hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "4419eb17de947d4d6b67ac07ed8d9064"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "7bcda725e0fe4634bd741d18870efc86"}, {"key": "extraReferences", "hash": "db8254901fea804d4d910fc508c1be32"}, {"key": "href", "hash": "0ac6deaa5a07331e3db4762cb458fde6"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "8e5a048329755897094215f117301c63"}, {"key": "published", "hash": "4d53af7f522025f16113d72d1dd86a79"}, {"key": "references", "hash": "dac3bc07a427ceea0c7680630fcafbdf"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "6e87bbaab34c901324df8e163b451120"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "6e9080b6a871ad58f0d05298373de4fe9c9158a2d86ff7f1a34e720d353d3e7b", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-72FV-QGJ6-2W2P"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32625"]}], "modified": "2021-04-22T23:51:50", "rev": 2}, "score": {"value": 1.4, "vector": "NONE", "modified": "2021-04-22T23:51:50", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "immutableFields": []}, {"id": "CVE-2018-20409", "bulletinFamily": "NVD", "title": "CVE-2018-20409", "description": "An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls.", "published": "2018-12-23T23:29:00", "modified": "2019-10-03T00:03:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20409", "reporter": "cve@mitre.org", "references": ["https://github.com/axiomatic-systems/Bento4/issues/345"], "cvelist": ["CVE-2018-20409"], "type": "cve", "lastseen": "2021-04-23T00:24:24", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "axiosys:bento4", "name": "axiosys bento4", "operator": "eq", "version": "1.5.1-627"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:axiosys:bento4:1.5.1-627"], "cpe23": ["cpe:2.3:a:axiosys:bento4:1.5.1-627:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:axiosys:bento4:1.5.1-627:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2018-20409"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-125"], "description": "An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls.", "edition": 5, "enchantments": {"dependencies": {"modified": "2021-02-02T06:52:35", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T06:52:35", "rev": 2, "value": 2.6, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/axiomatic-systems/Bento4/issues/345", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://github.com/axiomatic-systems/Bento4/issues/345"}], "hash": "ca6f3c9f7c56c5c127d93318dee7d8a38cfdbf81c8700f08d07af308d240f866", "hashmap": [{"hash": "741b18e744e3f37108cd8c3f4a1c6ef7", "key": "cvss"}, {"hash": "befcc5e33b63d864b49d719d8e0568aa", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "2bdc26994bc83a7fbd7fdcb545e305b7", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "e9155b7f2b0b254b700074ee1f6fedbd", "key": "description"}, {"hash": "b957cf55e983dadf529c578190c6621b", "key": "references"}, {"hash": "87f2694958b4682787c6fc65b55ee9fa", "key": "extraReferences"}, {"hash": "1a7478bc089930b84c69898a640702b5", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "af763a464055c05fadc96ca4f517bea9", "key": "cwe"}, {"hash": "e5f26d77fb7303b8ffacd89232e2f717", "key": "cvelist"}, {"hash": "e28561377fa6c6e22b5864856ebc7433", "key": "published"}, {"hash": "6224c557a68c905f4aa5cda7e6b98c31", "key": "cpe23"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "381085a95bfcc258a7df57f577fa6d68", "key": "title"}, {"hash": "b6a80b348c2642c2218d0831302dc1d9", "key": "affectedSoftware"}, {"hash": "1f0cc7832f07ee78350b613e89af69f8", "key": "modified"}, {"hash": "228f6d488ada5b9729e761621daa6feb", "key": "href"}, {"hash": "9774a97785c6561b193cd00198cb4751", "key": "cvss2"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20409", "id": "CVE-2018-20409", "immutableFields": [], "lastseen": "2021-02-02T06:52:35", "modified": "2019-10-03T00:03:00", "objectVersion": "1.5", "published": "2018-12-23T23:29:00", "references": ["https://github.com/axiomatic-systems/Bento4/issues/345"], "reporter": "cve@mitre.org", "title": "CVE-2018-20409", "type": "cve", "viewCount": 4}, "different_elements": ["cpeConfiguration"], "edition": 5, "lastseen": "2021-02-02T06:52:35"}, {"bulletin": {"affectedSoftware": [{"name": "axiosys bento4", "operator": "eq", "version": "1.5.1-627"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:axiosys:bento4:1.5.1-627"], "cpe23": ["cpe:2.3:a:axiosys:bento4:1.5.1-627:*:*:*:*:*:*:*"], "cvelist": ["CVE-2018-20409"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-125"], "description": "An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-10-04T12:26:16", "references": [], "rev": 2}, "score": {"modified": "2019-10-04T12:26:16", "rev": 2, "value": 2.6, "vector": "NONE"}}, "hash": "908a0703af29f919a06d164ed57bc49ed7cb2d14bd9da7f65e9215a534188e1d", "hashmap": [{"hash": "741b18e744e3f37108cd8c3f4a1c6ef7", "key": "cvss"}, {"hash": "befcc5e33b63d864b49d719d8e0568aa", "key": "cpe"}, {"hash": "e9155b7f2b0b254b700074ee1f6fedbd", "key": "description"}, {"hash": "b957cf55e983dadf529c578190c6621b", "key": "references"}, {"hash": "1a7478bc089930b84c69898a640702b5", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "af763a464055c05fadc96ca4f517bea9", "key": "cwe"}, {"hash": "d1706480e6be6bebff1918baf04176f5", "key": "affectedSoftware"}, {"hash": "e5f26d77fb7303b8ffacd89232e2f717", "key": "cvelist"}, {"hash": "e28561377fa6c6e22b5864856ebc7433", "key": "published"}, {"hash": "6224c557a68c905f4aa5cda7e6b98c31", "key": "cpe23"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "381085a95bfcc258a7df57f577fa6d68", "key": "title"}, {"hash": "1f0cc7832f07ee78350b613e89af69f8", "key": "modified"}, {"hash": "228f6d488ada5b9729e761621daa6feb", "key": "href"}, {"hash": "9774a97785c6561b193cd00198cb4751", "key": "cvss2"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20409", "id": "CVE-2018-20409", "lastseen": "2019-10-04T12:26:16", "modified": "2019-10-03T00:03:00", "objectVersion": "1.3", "published": "2018-12-23T23:29:00", "references": ["https://github.com/axiomatic-systems/Bento4/issues/345"], "reporter": "cve@mitre.org", "title": "CVE-2018-20409", "type": "cve", "viewCount": 2}, "differentElements": ["affectedSoftware"], "edition": 2, "lastseen": "2019-10-04T12:26:16"}, {"bulletin": {"affectedSoftware": [{"name": "axiosys bento4", "operator": "eq", "version": "1.5.1-627"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:axiosys:bento4:1.5.1-627"], "cpe23": ["cpe:2.3:a:axiosys:bento4:1.5.1-627:*:*:*:*:*:*:*"], "cvelist": ["CVE-2018-20409"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-119"], "description": "An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:20:04", "references": []}, "score": {"modified": "2019-05-29T18:20:04", "value": 2.6, "vector": "NONE"}}, "hash": "5d04497728f46066a30ee24c91600e3a25e35276f41f4ccd3fa111aa6d1b524e", "hashmap": [{"hash": "741b18e744e3f37108cd8c3f4a1c6ef7", "key": "cvss"}, {"hash": "befcc5e33b63d864b49d719d8e0568aa", "key": "cpe"}, {"hash": "bb61a0949f8c36262500079f243672e2", "key": "cwe"}, {"hash": "e9155b7f2b0b254b700074ee1f6fedbd", "key": "description"}, {"hash": "b957cf55e983dadf529c578190c6621b", "key": "references"}, {"hash": "1a7478bc089930b84c69898a640702b5", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d1706480e6be6bebff1918baf04176f5", "key": "affectedSoftware"}, {"hash": "e5f26d77fb7303b8ffacd89232e2f717", "key": "cvelist"}, {"hash": "e28561377fa6c6e22b5864856ebc7433", "key": "published"}, {"hash": "6224c557a68c905f4aa5cda7e6b98c31", "key": "cpe23"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "381085a95bfcc258a7df57f577fa6d68", "key": "title"}, {"hash": "8907b444a6a275cf6e6f1c1f246fd74a", "key": "modified"}, {"hash": "228f6d488ada5b9729e761621daa6feb", "key": "href"}, {"hash": "9774a97785c6561b193cd00198cb4751", "key": "cvss2"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20409", "id": "CVE-2018-20409", "lastseen": "2019-05-29T18:20:04", "modified": "2019-01-04T20:08:00", "objectVersion": "1.3", "published": "2018-12-23T23:29:00", "references": ["https://github.com/axiomatic-systems/Bento4/issues/345"], "reporter": "cve@mitre.org", "title": "CVE-2018-20409", "type": "cve", "viewCount": 0}, "differentElements": ["modified", "cwe"], "edition": 1, "lastseen": "2019-05-29T18:20:04"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "axiosys:bento4", "name": "axiosys bento4", "operator": "eq", "version": "1.5.1-627"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:axiosys:bento4:1.5.1-627"], "cpe23": ["cpe:2.3:a:axiosys:bento4:1.5.1-627:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:axiosys:bento4:1.5.1-627:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2018-20409"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-125"], "description": "An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-10-03T13:20:18", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T13:20:18", "rev": 2, "value": 2.6, "vector": "NONE"}}, "extraReferences": [], "hash": "9835c71f4abdf5b87e952ea118fb88c2c4c9b8376c3c4c30d963cd46b5ab6937", "hashmap": [{"hash": "741b18e744e3f37108cd8c3f4a1c6ef7", "key": "cvss"}, {"hash": "befcc5e33b63d864b49d719d8e0568aa", "key": "cpe"}, {"hash": "2bdc26994bc83a7fbd7fdcb545e305b7", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "e9155b7f2b0b254b700074ee1f6fedbd", "key": "description"}, {"hash": "b957cf55e983dadf529c578190c6621b", "key": "references"}, {"hash": "1a7478bc089930b84c69898a640702b5", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "af763a464055c05fadc96ca4f517bea9", "key": "cwe"}, {"hash": "e5f26d77fb7303b8ffacd89232e2f717", "key": "cvelist"}, {"hash": "e28561377fa6c6e22b5864856ebc7433", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "6224c557a68c905f4aa5cda7e6b98c31", "key": "cpe23"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "381085a95bfcc258a7df57f577fa6d68", "key": "title"}, {"hash": "b6a80b348c2642c2218d0831302dc1d9", "key": "affectedSoftware"}, {"hash": "1f0cc7832f07ee78350b613e89af69f8", "key": "modified"}, {"hash": "228f6d488ada5b9729e761621daa6feb", "key": "href"}, {"hash": "9774a97785c6561b193cd00198cb4751", "key": "cvss2"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20409", "id": "CVE-2018-20409", "lastseen": "2020-10-03T13:20:18", "modified": "2019-10-03T00:03:00", "objectVersion": "1.3", "published": "2018-12-23T23:29:00", "references": ["https://github.com/axiomatic-systems/Bento4/issues/345"], "reporter": "cve@mitre.org", "title": "CVE-2018-20409", "type": "cve", "viewCount": 3}, "differentElements": ["extraReferences"], "edition": 4, "lastseen": "2020-10-03T13:20:18"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "axiosys:bento4", "name": "axiosys bento4", "operator": "eq", "version": "1.5.1-627"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:axiosys:bento4:1.5.1-627"], "cpe23": ["cpe:2.3:a:axiosys:bento4:1.5.1-627:*:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2018-20409"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-125"], "description": "An issue was discovered in Bento4 1.5.1-627. There is a heap-based buffer over-read in AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp, as demonstrated by mp42hls.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-09-21T14:29:02", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T14:29:02", "rev": 2, "value": 2.6, "vector": "NONE"}}, "hash": "6690a5e1a595fe0fb3781d6305f3c7d51b06736cbece0fd993741faf03d09ee7", "hashmap": [{"hash": "741b18e744e3f37108cd8c3f4a1c6ef7", "key": "cvss"}, {"hash": "befcc5e33b63d864b49d719d8e0568aa", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "e9155b7f2b0b254b700074ee1f6fedbd", "key": "description"}, {"hash": "b957cf55e983dadf529c578190c6621b", "key": "references"}, {"hash": "1a7478bc089930b84c69898a640702b5", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "af763a464055c05fadc96ca4f517bea9", "key": "cwe"}, {"hash": "e5f26d77fb7303b8ffacd89232e2f717", "key": "cvelist"}, {"hash": "e28561377fa6c6e22b5864856ebc7433", "key": "published"}, {"hash": "6224c557a68c905f4aa5cda7e6b98c31", "key": "cpe23"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "381085a95bfcc258a7df57f577fa6d68", "key": "title"}, {"hash": "b6a80b348c2642c2218d0831302dc1d9", "key": "affectedSoftware"}, {"hash": "1f0cc7832f07ee78350b613e89af69f8", "key": "modified"}, {"hash": "228f6d488ada5b9729e761621daa6feb", "key": "href"}, {"hash": "9774a97785c6561b193cd00198cb4751", "key": "cvss2"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20409", "id": "CVE-2018-20409", "lastseen": "2020-09-21T14:29:02", "modified": "2019-10-03T00:03:00", "objectVersion": "1.3", "published": "2018-12-23T23:29:00", "references": ["https://github.com/axiomatic-systems/Bento4/issues/345"], "reporter": "cve@mitre.org", "title": "CVE-2018-20409", "type": "cve", "viewCount": 2}, "differentElements": ["cpeConfiguration"], "edition": 3, "lastseen": "2020-09-21T14:29:02"}], "edition": 6, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "b6a80b348c2642c2218d0831302dc1d9"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "befcc5e33b63d864b49d719d8e0568aa"}, {"key": "cpe23", "hash": "6224c557a68c905f4aa5cda7e6b98c31"}, {"key": "cpeConfiguration", "hash": "9d4b6ddf7507bbd06974a004bca95c09"}, {"key": "cvelist", "hash": "e5f26d77fb7303b8ffacd89232e2f717"}, {"key": "cvss", "hash": "741b18e744e3f37108cd8c3f4a1c6ef7"}, {"key": "cvss2", "hash": "9774a97785c6561b193cd00198cb4751"}, {"key": "cvss3", "hash": "1a7478bc089930b84c69898a640702b5"}, {"key": "cwe", "hash": "af763a464055c05fadc96ca4f517bea9"}, {"key": "description", "hash": "e9155b7f2b0b254b700074ee1f6fedbd"}, {"key": "extraReferences", "hash": "87f2694958b4682787c6fc65b55ee9fa"}, {"key": "href", "hash": "228f6d488ada5b9729e761621daa6feb"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "1f0cc7832f07ee78350b613e89af69f8"}, {"key": "published", "hash": "e28561377fa6c6e22b5864856ebc7433"}, {"key": "references", "hash": "b957cf55e983dadf529c578190c6621b"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "381085a95bfcc258a7df57f577fa6d68"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "b2ed694e56592bdba4b5d7854b947dc95f27854950c9ceff0c4acaa6b6a4e833", "viewCount": 7, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-23T00:24:24", "rev": 2}, "score": {"value": 2.6, "vector": "NONE", "modified": "2021-04-23T00:24:24", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:axiosys:bento4:1.5.1-627"], "affectedSoftware": [{"cpeName": "axiosys:bento4", "name": "axiosys bento4", "operator": "eq", "version": "1.5.1-627"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:axiosys:bento4:1.5.1-627:*:*:*:*:*:*:*"], "cwe": ["CWE-125"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:axiosys:bento4:1.5.1-627:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/axiomatic-systems/Bento4/issues/345", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://github.com/axiomatic-systems/Bento4/issues/345"}], "immutableFields": []}], "atlassian": [{"id": "ATLASSIAN:JRASERVER-70944", "bulletinFamily": "software", "title": "Make use of Secure Introspector in Velocity Templates - CVE-2019-20409", "description": "This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented.\r\n\r\nThe way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.\r\n\r\n*Affected versions:*\r\n * version < 8.8.0\r\n\r\n*Fixed versions:*\r\n * 8.8.0\r\n\r\n*Workaround for previous versions:*\r\nYou use this workaround at your own discretion.\r\n{quote}\r\n1. Download [Jira 8.12|https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-8.12.3.zip] as zip and extract it\u2019s content\r\n2. [Localize your Jira instance installation directory|https://confluence.atlassian.com/adminjiraserver/jira-application-installation-directory-938847745.html]\r\n3. Shutdown your Jira instance\r\n4. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n5. Remove files: _velocity-htmlsafe-3.0.0.jar_ and _velocity-1.6.4-atlassian-7.jar_\r\n6. Copy files _velocity-htmlsafe-3.1.1.jar_ and _velocity-1.6.4-atlassian-21.jar_ from downloaded Jira 8.12 to current directory. They are found in the _<Jira_8_12_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n7. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/classes_ directory\r\n8. Replace the velocity.properties and velocity-static.properties files with their counterparts from the downloaded Jira 8.12\r\n9. Start your Jira instance again\r\n{quote}", "published": "2020-04-22T01:53:30", "modified": "2021-05-24T14:55:23", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://jira.atlassian.com/browse/JRASERVER-70944", "reporter": "security-metrics-bot", "references": [], "cvelist": ["CVE-2020-14172", "CVE-2019-20409"], "type": "atlassian", "lastseen": "2021-07-28T14:40:49", "history": [{"bulletin": {"affectedSoftware": [{"name": "jira server and data center", "operator": "lt", "version": "8.8.0"}, {"name": "jira server and data center", "operator": "le", "version": "8.3.2"}], "bulletinFamily": "software", "cvelist": ["CVE-2020-14172", "CVE-2019-20409"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "description": "This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented.\r\n\r\nThe way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.\r\n\r\n*Affected versions:*\r\n * version < 8.8.0\r\n\r\n*Fixed versions:*\r\n * 8.8.0\r\n\r\n*Workaround for previous versions:*\r\nYou use this workaround at your own discretion.\r\n{quote}\r\n1. Download [Jira 8.12|https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-8.12.3.zip] as zip and extract it\u2019s content\r\n2. [Localize your Jira instance installation directory|https://confluence.atlassian.com/adminjiraserver/jira-application-installation-directory-938847745.html]\r\n3. Shutdown your Jira instance\r\n4. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n5. Remove files: _velocity-htmlsafe-3.0.0.jar_ and _velocity-1.6.4-atlassian-7.jar_\r\n6. Copy files _velocity-htmlsafe-3.1.1.jar_ and _velocity-1.6.4-atlassian-21.jar_ from downloaded Jira 8.12 to current directory. They are found in the _<Jira_8_12_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n7. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/classes_ directory\r\n8. Replace the velocity.properties and velocity-static.properties files with their counterparts from the downloaded Jira 8.12\r\n9. Start your Jira instance again\r\n{quote}", "edition": 53, "enchantments": {"dependencies": {"modified": "2021-05-24T16:37:13", "references": [{"idList": ["ATLASSIAN:JRASERVER-70940"], "type": "atlassian"}, {"idList": ["CVE-2020-14172", "CVE-2019-20409"], "type": "cve"}], "rev": 2}, "score": {"modified": "2021-05-24T16:37:13", "rev": 2, "value": 5.6, "vector": "NONE"}}, "hash": "339d80566f8214a7e5763ca2277b034e53840dbb049916b07abab93f417e683e", "hashmap": [{"hash": "05014a2f7858d613ce772a7344d9199b", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "3f5423d0db75ffd7f5f59df97fbdf97b", "key": "modified"}, {"hash": "297dedfbc92a32df022d6faac595423f", "key": "title"}, {"hash": "d3ab0a63ceaa4e12c1c76ce7c24ce043", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d919a9841ef1cbfef312e402779762ce", "key": "cvelist"}, {"hash": "830faaf06a95777fbfecc78784022bec", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "5a563e062d9df8e9e84f350f535b859b", "key": "description"}, {"hash": "deff6b318be72040c25ff1208b1a96a2", "key": "type"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "22a7180c36b36bddc5f778fab5550f79", "key": "published"}], "history": [], "href": "https://jira.atlassian.com/browse/JRASERVER-70944", "id": "ATLASSIAN:JRASERVER-70944", "immutableFields": [], "lastseen": "2021-05-24T16:37:13", "modified": "2021-05-24T14:55:23", "objectVersion": "1.5", "published": "2020-04-22T01:53:30", "references": [], "reporter": "security-metrics-bot", "title": "Make use of Secure Introspector in Velocity Templates - CVE-2019-20409", "type": "atlassian", "viewCount": 1201}, "different_elements": ["cvss3", "cvss2"], "edition": 53, "lastseen": "2021-05-24T16:37:13"}, {"bulletin": {"affectedSoftware": [{"name": "Jira Server and Data Center", "operator": "lt", "version": "8.8.0"}, {"name": "Jira Server and Data Center", "operator": "le", "version": "8.3.2"}], "bulletinFamily": "software", "cvelist": ["CVE-2019-20409"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. \r\n\r\nThe way in which velocity templates were used in Atlassian Jira Server and Data Center \r\n prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.\r\n\r\n*Affected versions:*\r\n * version < 8.8.0\r\n\r\n*Fixed versions:*\r\n * 8.8.0", "edition": 7, "enchantments": {"dependencies": {"modified": "2020-07-04T01:31:40", "references": [{"idList": ["CVE-2019-20409"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-07-04T01:31:40", "rev": 2, "value": 5.4, "vector": "NONE"}}, "hash": "2702f55d4ae69ede99029db126e398d23d0121b1030eb3e3ae715c0902a47e86", "hashmap": [{"hash": "297dedfbc92a32df022d6faac595423f", "key": "title"}, {"hash": "46864c2df7e75593031fc66f576cb3bd", "key": "affectedSoftware"}, {"hash": "d3ab0a63ceaa4e12c1c76ce7c24ce043", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "cf78093b66df76c2c139811e4fc6bd96", "key": "description"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "14bdb83a2805f3e2769fa6baafeb1a91", "key": "modified"}, {"hash": "830faaf06a95777fbfecc78784022bec", "key": "href"}, {"hash": "1fe6aaf8bae6091d2be9c043d12515be", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "deff6b318be72040c25ff1208b1a96a2", "key": "type"}, {"hash": "22a7180c36b36bddc5f778fab5550f79", "key": "published"}], "history": [], "href": "https://jira.atlassian.com/browse/JRASERVER-70944", "id": "ATLASSIAN:JRASERVER-70944", "lastseen": "2020-07-04T01:31:40", "modified": "2020-07-03T21:18:07", "objectVersion": "1.3", "published": "2020-04-22T01:53:30", "references": [], "reporter": "security-metrics-bot", "title": "Make use of Secure Introspector in Velocity Templates - CVE-2019-20409", "type": "atlassian", "viewCount": 1126}, "differentElements": ["cvss"], "edition": 7, "lastseen": "2020-07-04T01:31:40"}, {"bulletin": {"affectedSoftware": [{"name": "Jira Server and Data Center", "operator": "lt", "version": "8.8.0"}, {"name": "Jira Server and Data Center", "operator": "le", "version": "8.3.2"}], "bulletinFamily": "software", "cvelist": ["CVE-2019-20409"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented.\r\n\r\nThe way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.\r\n\r\n*Affected versions:*\r\n * version < 8.8.0\r\n\r\n*Fixed versions:*\r\n * 8.8.0", "edition": 20, "enchantments": {"dependencies": {"modified": "2020-08-20T17:43:54", "references": [{"idList": ["CVE-2019-20409"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-08-20T17:43:54", "rev": 2, "value": 5.4, "vector": "NONE"}}, "hash": "3a9b37e801176e8efec1d70341d09a12a07a429379f5d7a4e7894f685c1e17b2", "hashmap": [{"hash": "297dedfbc92a32df022d6faac595423f", "key": "title"}, {"hash": "46864c2df7e75593031fc66f576cb3bd", "key": "affectedSoftware"}, {"hash": "d3ab0a63ceaa4e12c1c76ce7c24ce043", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "5d10e262bc36beed08b62d75feb64a2e", "key": "description"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "830faaf06a95777fbfecc78784022bec", "key": "href"}, {"hash": "1fe6aaf8bae6091d2be9c043d12515be", "key": "cvelist"}, {"hash": "bf16d1d7c97efe3e12daad091d25e1a8", "key": "modified"}, {"hash": "deff6b318be72040c25ff1208b1a96a2", "key": "type"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "22a7180c36b36bddc5f778fab5550f79", "key": "published"}], "history": [], "href": "https://jira.atlassian.com/browse/JRASERVER-70944", "id": "ATLASSIAN:JRASERVER-70944", "lastseen": "2020-08-20T17:43:54", "modified": "2020-08-20T13:34:42", "objectVersion": "1.3", "published": "2020-04-22T01:53:30", "references": [], "reporter": "security-metrics-bot", "title": "Make use of Secure Introspector in Velocity Templates - CVE-2019-20409", "type": "atlassian", "viewCount": 1145}, "differentElements": ["modified"], "edition": 20, "lastseen": "2020-08-20T17:43:54"}, {"bulletin": {"affectedSoftware": [{"name": "Jira Server and Data Center", "operator": "lt", "version": "8.8.0"}, {"name": "Jira Server and Data Center", "operator": "le", "version": "8.3.2"}], "bulletinFamily": "software", "cvelist": ["CVE-2020-14172", "CVE-2019-20409"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented.\r\n\r\nThe way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.\r\n\r\n*Affected versions:*\r\n * version < 8.8.0\r\n\r\n*Fixed versions:*\r\n * 8.8.0\r\n\r\n*Workaround for previous versions:*\r\nYou use this workaround at your own discretion.\r\n{quote}\r\n1. Download [Jira 8.12|https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-8.12.3.zip] as zip and extract it\u2019s content\r\n2. [Localize your Jira instance installation directory|https://confluence.atlassian.com/adminjiraserver/jira-application-installation-directory-938847745.html]\r\n3. Shutdown your Jira instance\r\n4. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n5. Remove files: _velocity-htmlsafe-3.0.0.jar_ and _velocity-1.6.4-atlassian-7.jar_\r\n6. Copy files _velocity-htmlsafe-3.1.0.jar_ and _velocity-1.6.4-atlassian-21.jar_ from downloaded Jira 8.12 to current directory. They are found in the _<Jira_8_12_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n7. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/classes_ directory\r\n8. Replace the velocity.properties and velocity-static.properties files with their counterparts from the downloaded Jira 8.12\r\n9. Start your Jira instance again\r\n{quote}", "edition": 40, "enchantments": {"dependencies": {"modified": "2020-11-18T20:34:27", "references": [{"idList": ["ATLASSIAN:JRASERVER-70940"], "type": "atlassian"}, {"idList": ["CVE-2020-14172", "CVE-2019-20409"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-11-18T20:34:27", "rev": 2, "value": 5.6, "vector": "NONE"}}, "hash": "55d036fac06a5c592b005d57f4eac2162b555af74c3218c3ff237e82b90af636", "hashmap": [{"hash": "297dedfbc92a32df022d6faac595423f", "key": "title"}, {"hash": "46864c2df7e75593031fc66f576cb3bd", "key": "affectedSoftware"}, {"hash": "d3ab0a63ceaa4e12c1c76ce7c24ce043", "key": "reporter"}, {"hash": "e825dce0b8ab7c35e81ebe3706bf311f", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d919a9841ef1cbfef312e402779762ce", "key": "cvelist"}, {"hash": "830faaf06a95777fbfecc78784022bec", "key": "href"}, {"hash": "618b476c43acb6f8a7a6b459b5caee5d", "key": "description"}, {"hash": "deff6b318be72040c25ff1208b1a96a2", "key": "type"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "22a7180c36b36bddc5f778fab5550f79", "key": "published"}], "history": [], "href": "https://jira.atlassian.com/browse/JRASERVER-70944", "id": "ATLASSIAN:JRASERVER-70944", "lastseen": "2020-11-18T20:34:27", "modified": "2020-11-18T16:27:04", "objectVersion": "1.3", "published": "2020-04-22T01:53:30", "references": [], "reporter": "security-metrics-bot", "title": "Make use of Secure Introspector in Velocity Templates - CVE-2019-20409", "type": "atlassian", "viewCount": 1164}, "differentElements": ["modified"], "edition": 40, "lastseen": "2020-11-18T20:34:27"}, {"bulletin": {"affectedSoftware": [{"name": "jira server and data center", "operator": "lt", "version": "8.8.0"}, {"name": "jira server and data center", "operator": "le", "version": "8.3.2"}], "bulletinFamily": "software", "cvelist": ["CVE-2020-14172", "CVE-2019-20409"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented.\r\n\r\nThe way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability.\r\n\r\n*Affected versions:*\r\n * version < 8.8.0\r\n\r\n*Fixed versions:*\r\n * 8.8.0\r\n\r\n*Workaround for previous versions:*\r\nYou use this workaround at your own discretion.\r\n{quote}\r\n1. Download [Jira 8.12|https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-8.12.3.zip] as zip and extract it\u2019s content\r\n2. [Localize your Jira instance installation directory|https://confluence.atlassian.com/adminjiraserver/jira-application-installation-directory-938847745.html]\r\n3. Shutdown your Jira instance\r\n4. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n5. Remove files: _velocity-htmlsafe-3.0.0.jar_ and _velocity-1.6.4-atlassian-7.jar_\r\n6. Copy files _velocity-htmlsafe-3.1.1.jar_ and _velocity-1.6.4-atlassian-21.jar_ from downloaded Jira 8.12 to current directory. They are found in the _<Jira_8_12_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n7. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/classes_ directory\r\n8. Replace the velocity.properties and velocity-static.properties files with their counterparts from the downloaded Jira 8.12\r\n9. Start your Jira instance again\r\n{quote}", "edition": 46, "enchantments": {"dependencies": {"modified": "2021-01-06T02:35:28", "references": [{"idList": ["ATLASSIAN:JRASERVER-70940"], "type": "atlassian"}, {"idList": ["CVE-2020-14172", "CVE-2019-20409"], "type": "cve"}], "rev": 2}, "score": {"modified": "2021-01-06T02:35:28", "rev": 2, "value": 5.6, "vector": "NONE"}}, "hash": "6a03d09b3d64aac97a332e2e5a2bba9eabf312afa23b191c7b2566efaf708275", "hashmap": [{"hash": "05014a2f7858d613ce772a7344d9199b", "key": "affectedSoftware"}, {"hash": "297dedfbc92a32df022d6faac595423f", "key": "title"}, {"hash": "d3ab0a63ceaa4e12c1c76ce7c24ce043", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d919a9841ef1cbfef312e402779762ce", "key": "cvelist"}, {"hash": "830faaf06a95777fbfecc78784022bec", "key": "href"}, {"hash": "559f758c93a1fb20bfdb4ebbdc330c27", "key": "modified"}, {"hash": "5a563e062d9df8e9e84f350f535b859b", "key": "description"}, {"hash": "deff6b318be72040c25ff1208b1a96a2", "key": "type"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "22a7180c36b36bddc5f778fab5550f79", "key": "published"}], "history": [], "href": "https://jira.atlassian.com/browse/JRASERVER-70944", "id": "ATLASSIAN:JRASERVER-70944", "lastseen": "2021-01-06T02:35:28", "modified": "2021-01-05T23:17:09", "objectVersion": "1.3", "published": "2020-04-22T01:53:30", "references": [], "reporter": "security-metrics-bot", "title": "Make use of Secure Introspector in Velocity Templates - CVE-2019-20409", "type": "atlassian", "viewCount": 1187}, "differentElements": ["modified"], "edition": 46, "lastseen": "2021-01-06T02:35:28"}], "edition": 54, "hashmap": [{"key": "affectedSoftware", "hash": "05014a2f7858d613ce772a7344d9199b"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d919a9841ef1cbfef312e402779762ce"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "description", "hash": "5a563e062d9df8e9e84f350f535b859b"}, {"key": "href", "hash": "830faaf06a95777fbfecc78784022bec"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "3f5423d0db75ffd7f5f59df97fbdf97b"}, {"key": "published", "hash": "22a7180c36b36bddc5f778fab5550f79"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "d3ab0a63ceaa4e12c1c76ce7c24ce043"}, {"key": "title", "hash": "297dedfbc92a32df022d6faac595423f"}, {"key": "type", "hash": "deff6b318be72040c25ff1208b1a96a2"}], "hash": "8c0ee4ee544f4a95f316b8169ebb25e0b3e9a15949ff3fab55bc325c4b9cdaf5", "viewCount": 1203, "enchantments": {"dependencies": {"references": [{"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-70940"]}, {"type": "cve", "idList": ["CVE-2019-20409", "CVE-2020-14172"]}], "modified": "2021-07-28T14:40:49", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-07-28T14:40:49", "rev": 2}}, "objectVersion": "1.6", "affectedSoftware": [{"name": "jira server and data center", "operator": "lt", "version": "8.8.0"}, {"name": "jira server and data center", "operator": "le", "version": "8.3.2"}], "scheme": null, "immutableFields": [], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}}, {"id": "ATLASSIAN:JRASERVER-70940", "bulletinFamily": "software", "title": "Template injection in Web Resources Manager - CVE-2020-14172", "description": "This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented.\r\n\r\nThe way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.1 allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability.\r\n\r\n*Affected versions:*\r\n * version < 7.13.0\r\n * 8.0.0 \u2264 version < 8.5.0\r\n * 8.6.0 \u2264 version < 8.8.1\r\n\r\n*Fixed versions:*\r\n * 8.8.1\r\n * 8.9.0\r\n\r\n\u00a0*Workaround for previous versions:*\r\nYou use this workaround at your own discretion.\r\n{quote}\r\n1. Download [Jira 8.12.3|https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-8.12.3.zip] as zip and extract it\u2019s content\r\n2. [Localize your Jira instance installation directory|https://confluence.atlassian.com/adminjiraserver/jira-application-installation-directory-938847745.html]\r\n3. Shutdown your Jira instance\r\n4. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n5. Remove files: _velocity-htmlsafe-3.0.0.jar_ and _velocity-1.6.4-atlassian-7.jar_\r\n6. Copy files _velocity-htmlsafe-3.1.1.jar_ and _velocity-1.6.4-atlassian-21.jar_ from downloaded Jira 8.12 to current directory. They are found in the _<Jira_8_12_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n7. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/classes_ directory\r\n8. Replace the velocity.properties and velocity-static.properties files with their counterparts from the downloaded Jira 8.12.3\r\n9. Start your Jira instance again\r\n{quote}", "published": "2020-04-21T22:27:59", "modified": "2021-05-24T14:55:30", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://jira.atlassian.com/browse/JRASERVER-70940", "reporter": "security-metrics-bot", "references": [], "cvelist": ["CVE-2020-14172", "CVE-2019-20409"], "type": "atlassian", "lastseen": "2021-07-28T14:40:41", "history": [{"bulletin": {"affectedSoftware": [{"name": "jira server and data center", "operator": "le", "version": "8.8.0"}, {"name": "jira server and data center", "operator": "lt", "version": "8.9.0"}, {"name": "jira server and data center", "operator": "lt", "version": "8.8.1"}], "bulletinFamily": "software", "cvelist": ["CVE-2020-14172", "CVE-2019-20409"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "description": "This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented.\r\n\r\nThe way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.1 allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability.\r\n\r\n*Affected versions:*\r\n * version < 7.13.0\r\n * 8.0.0 \u2264 version < 8.5.0\r\n * 8.6.0 \u2264 version < 8.8.1\r\n\r\n*Fixed versions:*\r\n * 8.8.1\r\n * 8.9.0\r\n\r\n\u00a0*Workaround for previous versions:*\r\nYou use this workaround at your own discretion.\r\n{quote}\r\n1. Download [Jira 8.12.3|https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-8.12.3.zip] as zip and extract it\u2019s content\r\n2. [Localize your Jira instance installation directory|https://confluence.atlassian.com/adminjiraserver/jira-application-installation-directory-938847745.html]\r\n3. Shutdown your Jira instance\r\n4. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n5. Remove files: _velocity-htmlsafe-3.0.0.jar_ and _velocity-1.6.4-atlassian-7.jar_\r\n6. Copy files _velocity-htmlsafe-3.1.1.jar_ and _velocity-1.6.4-atlassian-21.jar_ from downloaded Jira 8.12 to current directory. They are found in the _<Jira_8_12_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n7. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/classes_ directory\r\n8. Replace the velocity.properties and velocity-static.properties files with their counterparts from the downloaded Jira 8.12.3\r\n9. Start your Jira instance again\r\n{quote}", "edition": 25, "enchantments": {"dependencies": {"modified": "2021-05-24T16:37:17", "references": [{"idList": ["ATLASSIAN:JRASERVER-70944"], "type": "atlassian"}, {"idList": ["CVE-2020-14172", "CVE-2019-20409"], "type": "cve"}], "rev": 2}, "score": {"modified": "2021-05-24T16:37:17", "rev": 2, "value": 5.6, "vector": "NONE"}}, "hash": "49e4726c133bb1537d1a8c0e88ffccd11d332c4649a05fb5e92c07c8ba06ef39", "hashmap": [{"hash": "447ec298c5e869396c964184456cc95c", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d3ab0a63ceaa4e12c1c76ce7c24ce043", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "b71ac11fe3ca126fafd5a7bf9468075b", "key": "href"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "a5e9a67ddadf5a31d0b9aad287c790f9", "key": "affectedSoftware"}, {"hash": "d919a9841ef1cbfef312e402779762ce", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "f75a2a92f82651aaa98c0993f12f0380", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "deff6b318be72040c25ff1208b1a96a2", "key": "type"}, {"hash": "bd70b640b6a9e309776e16b20774d241", "key": "modified"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "1b9cd9be6c663ca09382b099e1e9284d", "key": "title"}], "history": [], "href": "https://jira.atlassian.com/browse/JRASERVER-70940", "id": "ATLASSIAN:JRASERVER-70940", "immutableFields": [], "lastseen": "2021-05-24T16:37:17", "modified": "2021-05-24T14:55:30", "objectVersion": "1.5", "published": "2020-04-21T22:27:59", "references": [], "reporter": "security-metrics-bot", "title": "Template injection in Web Resources Manager - CVE-2020-14172", "type": "atlassian", "viewCount": 43}, "different_elements": ["cvss3", "cvss2"], "edition": 25, "lastseen": "2021-05-24T16:37:17"}, {"bulletin": {"affectedSoftware": [{"name": "Jira Server and Data Center", "operator": "le", "version": "8.8.0"}, {"name": "Jira Server and Data Center", "operator": "lt", "version": "8.8.1"}, {"name": "Jira Server and Data Center", "operator": "lt", "version": "8.9.0"}], "bulletinFamily": "software", "cvelist": ["CVE-2020-14172", "CVE-2019-20409"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented.\r\n\r\nThe way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.1 allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability.\r\n\r\n*Affected versions:*\r\n * version < 7.13.0\r\n * 8.0.0 \u2264 version < 8.5.0\r\n * 8.6.0 \u2264 version < 8.8.1\r\n\r\n*Fixed versions:*\r\n * 8.8.1\r\n * 8.9.0\r\n\r\n\u00a0*Workaround for previous versions:*\r\nYou use this workaround at your own discretion.\r\n{quote}\r\n1. Download [Jira 8.12|https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-8.12.2.zip] as zip and extract it\u2019s content\r\n2. [Localize your Jira instance installation directory|https://confluence.atlassian.com/adminjiraserver/jira-application-installation-directory-938847745.html]\r\n3. Shutdown your Jira instance\r\n4. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n5. Remove files: _velocity-htmlsafe-3.0.0.jar_ and _velocity-1.6.4-atlassian-7.jar_\r\n6. Copy files _velocity-htmlsafe-3.1.0.jar_ and _velocity-1.6.4-atlassian-21.jar_ from downloaded Jira 8.12 to current directory. They are found in the _<Jira_8_12_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n7. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/classes_ directory\r\n8. Replace the velocity.properties and velocity-static.properties files with their counterparts from the downloaded Jira 8.12\r\n9. Start your Jira instance again\r\n{quote}", "edition": 21, "enchantments": {"dependencies": {"modified": "2020-11-19T08:33:44", "references": [{"idList": ["ATLASSIAN:JRASERVER-70944"], "type": "atlassian"}, {"idList": ["CVE-2020-14172", "CVE-2019-20409"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-11-19T08:33:44", "rev": 2, "value": 5.6, "vector": "NONE"}}, "hash": "b3174ff7dce407f56193afb0f49548fe155498eb06380b6ac6f2fc9cafbcffaf", "hashmap": [{"hash": "6dad8b57f66c053c505bc5bdaf461b65", "key": "affectedSoftware"}, {"hash": "d3ab0a63ceaa4e12c1c76ce7c24ce043", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "b71ac11fe3ca126fafd5a7bf9468075b", "key": "href"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d919a9841ef1cbfef312e402779762ce", "key": "cvelist"}, {"hash": "f75a2a92f82651aaa98c0993f12f0380", "key": "published"}, {"hash": "deff6b318be72040c25ff1208b1a96a2", "key": "type"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "b94e3e5ea8cde45b6c731d10ef08c7d1", "key": "modified"}, {"hash": "5a033322cdbfdb57d4c5baa81b69e745", "key": "description"}, {"hash": "1b9cd9be6c663ca09382b099e1e9284d", "key": "title"}], "history": [], "href": "https://jira.atlassian.com/browse/JRASERVER-70940", "id": "ATLASSIAN:JRASERVER-70940", "lastseen": "2020-11-19T08:33:44", "modified": "2020-11-19T04:58:50", "objectVersion": "1.3", "published": "2020-04-21T22:27:59", "references": [], "reporter": "security-metrics-bot", "title": "Template injection in Web Resources Manager - CVE-2020-14172", "type": "atlassian", "viewCount": 13}, "differentElements": ["affectedSoftware"], "edition": 21, "lastseen": "2020-11-19T08:33:44"}, {"bulletin": {"affectedSoftware": [{"name": "Jira Server and Data Center", "operator": "le", "version": "8.8.0"}, {"name": "Jira Server and Data Center", "operator": "lt", "version": "8.8.1"}, {"name": "Jira Server and Data Center", "operator": "lt", "version": "8.9.0"}], "bulletinFamily": "software", "cvelist": ["CVE-2020-14172"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented.\r\n\r\nThe way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.1 allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability.\r\n\r\n*Affected versions:*\r\n * version < 7.13.0\r\n * 8.0.0 \u2264 version < 8.5.0\r\n * 8.6.0 \u2264 version < 8.8.1\r\n\r\n*Fixed versions:*\r\n * 8.8.1\r\n * 8.9.0\r\n\r\n\u00a0", "edition": 13, "enchantments": {"dependencies": {"modified": "2020-09-29T07:06:25", "references": [{"idList": ["CVE-2020-14172"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-09-29T07:06:25", "rev": 2, "value": 5.2, "vector": "NONE"}}, "hash": "5a6192155239e428ccd1ef2cd92bc12caef18a30e9e0ff91e8b441fde2af774b", "hashmap": [{"hash": "6dad8b57f66c053c505bc5bdaf461b65", "key": "affectedSoftware"}, {"hash": "33395122bc5ba0318f89acd5b044259b", "key": "modified"}, {"hash": "d3ab0a63ceaa4e12c1c76ce7c24ce043", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "b71ac11fe3ca126fafd5a7bf9468075b", "key": "href"}, {"hash": "85569f579718bd733064c949619ecd2b", "key": "cvelist"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "f75a2a92f82651aaa98c0993f12f0380", "key": "published"}, {"hash": "298a5d4399248844350b7c4e11cae6c1", "key": "description"}, {"hash": "deff6b318be72040c25ff1208b1a96a2", "key": "type"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "1b9cd9be6c663ca09382b099e1e9284d", "key": "title"}], "history": [], "href": "https://jira.atlassian.com/browse/JRASERVER-70940", "id": "ATLASSIAN:JRASERVER-70940", "lastseen": "2020-09-29T07:06:25", "modified": "2020-09-29T01:54:27", "objectVersion": "1.3", "published": "2020-04-21T22:27:59", "references": [], "reporter": "security-metrics-bot", "title": "Template injection in Web Resources Manager - CVE-2020-14172", "type": "atlassian", "viewCount": 10}, "differentElements": ["description", "cvelist", "modified"], "edition": 13, "lastseen": "2020-09-29T07:06:25"}, {"bulletin": {"affectedSoftware": [{"name": "Jira Server and Data Center", "operator": "le", "version": "8.8.0"}, {"name": "Jira Server and Data Center", "operator": "lt", "version": "8.8.1"}, {"name": "Jira Server and Data Center", "operator": "lt", "version": "8.9.0"}], "bulletinFamily": "software", "cvelist": ["CVE-2020-14172", "CVE-2019-20409"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented.\r\n\r\nThe way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.1 allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability.\r\n\r\n*Affected versions:*\r\n * version < 7.13.0\r\n * 8.0.0 \u2264 version < 8.5.0\r\n * 8.6.0 \u2264 version < 8.8.1\r\n\r\n*Fixed versions:*\r\n * 8.8.1\r\n * 8.9.0\r\n\r\n\u00a0*Workaround for previous versions:*\r\nYou use this workaround at your own discretion.\r\n{quote}\r\n1. Download [Jira 8.12|https://product-downloads.atlassian.com/software/jira/downloads/atlassian-jira-software-8.12.2.zip] as zip and extract it\u2019s content\r\n2. [Localize your Jira instance installation directory|https://confluence.atlassian.com/adminjiraserver/jira-application-installation-directory-938847745.html]\r\n3. Shutdown your Jira instance\r\n4. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n5. Remove files: _velocity-htmlsafe-3.0.0.jar_ and _velocity-1.6.4-atlassian-7.jar_\r\n6. Copy files _velocity-htmlsafe-3.1.0.jar_ and _velocity-1.6.4-atlassian-21.jar_ from downloaded Jira 8.12 to current directory. They are found in the _<Jira_8_12_dir>/atlassian-jira/WEB-INF/lib/_ directory\r\n7. Go to the _<jira_installation_dir>/atlassian-jira/WEB-INF/classes_ directory\r\n8. Replace the velocity.properties and velocity-static.properties files with their counterparts from the downloaded Jira 8.12\r\n9. Start your Jira instance again\r\n{quote}", "edition": 19, "enchantments": {"dependencies": {"modified": "2020-10-19T23:19:20", "references": [{"idList": ["ATLASSIAN:JRASERVER-70944"], "type": "atlassian"}, {"idList": ["CVE-2020-14172", "CVE-2019-20409"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-10-19T23:19:20", "rev": 2, "value": 5.6, "vector": "NONE"}}, "hash": "668acd458027d523beaf2a239e3a8c48883aa82e32ddbfbefed99f446185494a", "hashmap": [{"hash": "6dad8b57f66c053c505bc5bdaf461b65", "key": "affectedSoftware"}, {"hash": "d3ab0a63ceaa4e12c1c76ce7c24ce043", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "b71ac11fe3ca126fafd5a7bf9468075b", "key": "href"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "d919a9841ef1cbfef312e402779762ce", "key": "cvelist"}, {"hash": "603c37b580b77eaad56fff49a5e9019b", "key": "modified"}, {"hash": "f75a2a92f82651aaa98c0993f12f0380", "key": "published"}, {"hash": "deff6b318be72040c25ff1208b1a96a2", "key": "type"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "5a033322cdbfdb57d4c5baa81b69e745", "key": "description"}, {"hash": "1b9cd9be6c663ca09382b099e1e9284d", "key": "title"}], "history": [], "href": "https://jira.atlassian.com/browse/JRASERVER-70940", "id": "ATLASSIAN:JRASERVER-70940", "lastseen": "2020-10-19T23:19:20", "modified": "2020-10-19T19:19:23", "objectVersion": "1.3", "published": "2020-04-21T22:27:59", "references": [], "reporter": "security-metrics-bot", "title": "Template injection in Web Resources Manager - CVE-2020-14172", "type": "atlassian", "viewCount": 11}, "differentElements": ["modified"], "edition": 19, "lastseen": "2020-10-19T23:19:20"}, {"bulletin": {"affectedSoftware": [{"name": "Jira Server and Data Center", "operator": "le", "version": "8.8.0"}, {"name": "Jira Server and Data Center", "operator": "lt", "version": "8.8.1"}, {"name": "Jira Server and Data Center", "operator": "lt", "version": "8.9.0"}], "bulletinFamily": "software", "cvelist": ["CVE-2020-14172"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "description": "This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented.\r\n\r\nThe way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.1 allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability.\r\n\r\n*Affected versions:*\r\n * version < 7.13.0\r\n * 8.0.0 \u2264 version < 8.5.0\r\n * 8.6.0 \u2264 version < 8.8.1\r\n\r\n*Fixed versions:*\r\n * 8.8.1\r\n * 8.9.0\r\n\r\n\u00a0", "edition": 10, "enchantments": {"dependencies": {"modified": "2020-08-28T13:46:07", "references": [{"idList": ["CVE-2020-14172"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-08-28T13:46:07", "rev": 2, "value": 5.2, "vector": "NONE"}}, "hash": "d0c5f2c50f41651134b49f27e0df01dec3e37a474131944a0ffcf2f45ac96885", "hashmap": [{"hash": "6dad8b57f66c053c505bc5bdaf461b65", "key": "affectedSoftware"}, {"hash": "d3ab0a63ceaa4e12c1c76ce7c24ce043", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "b71ac11fe3ca126fafd5a7bf9468075b", "key": "href"}, {"hash": "85569f579718bd733064c949619ecd2b", "key": "cvelist"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "f75a2a92f82651aaa98c0993f12f0380", "key": "published"}, {"hash": "298a5d4399248844350b7c4e11cae6c1", "key": "description"}, {"hash": "deff6b318be72040c25ff1208b1a96a2", "key": "type"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "858b3037fe0175479ac8b9dd9395a7e8", "key": "modified"}, {"hash": "1b9cd9be6c663ca09382b099e1e9284d", "key": "title"}], "history": [], "href": "https://jira.atlassian.com/browse/JRASERVER-70940", "id": "ATLASSIAN:JRASERVER-70940", "lastseen": "2020-08-28T13:46:07", "modified": "2020-08-28T09:40:38", "objectVersion": "1.3", "published": "2020-04-21T22:27:59", "references": [], "reporter": "security-metrics-bot", "title": "Template injection in Web Resources Manager - CVE-2020-14172", "type": "atlassian", "viewCount": 6}, "differentElements": ["modified"], "edition": 10, "lastseen": "2020-08-28T13:46:07"}], "edition": 26, "hashmap": [{"key": "affectedSoftware", "hash": "a5e9a67ddadf5a31d0b9aad287c790f9"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d919a9841ef1cbfef312e402779762ce"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "description", "hash": "447ec298c5e869396c964184456cc95c"}, {"key": "href", "hash": "b71ac11fe3ca126fafd5a7bf9468075b"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "bd70b640b6a9e309776e16b20774d241"}, {"key": "published", "hash": "f75a2a92f82651aaa98c0993f12f0380"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "d3ab0a63ceaa4e12c1c76ce7c24ce043"}, {"key": "title", "hash": "1b9cd9be6c663ca09382b099e1e9284d"}, {"key": "type", "hash": "deff6b318be72040c25ff1208b1a96a2"}], "hash": "eeab48ec27607e0ba4bec986f0c1fb7c72355565417be952a33fb5db84de75b2", "viewCount": 75, "enchantments": {"dependencies": {"references": [{"type": "atlassian", "idList": ["ATLASSIAN:JRASERVER-70944"]}, {"type": "cve", "idList": ["CVE-2019-20409", "CVE-2020-14172"]}], "modified": "2021-07-28T14:40:41", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-07-28T14:40:41", "rev": 2}}, "objectVersion": "1.6", "affectedSoftware": [{"name": "jira server and data center", "operator": "le", "version": "8.8.0"}, {"name": "jira server and data center", "operator": "lt", "version": "8.9.0"}, {"name": "jira server and data center", "operator": "lt", "version": "8.8.1"}], "scheme": null, "immutableFields": [], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}}], "packetstorm": [{"id": "PACKETSTORM:153053", "hash": "a959348a38078a71737b6c8a5f24d667", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Quest KACE Systems Management Appliance 9.0 Cross Site Scripting", "description": "", "published": "2019-05-23T00:00:00", "modified": "2019-05-23T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://packetstormsecurity.com/files/153053/Quest-KACE-Systems-Management-Appliance-9.0-Cross-Site-Scripting.html", "reporter": "Julien Ahrens", "references": [], "cvelist": ["CVE-2019-11604"], "lastseen": "2019-05-24T12:45:04", "history": [], "viewCount": 38, "enchantments": {"score": {"value": 4.2, "vector": "NONE", "modified": "2019-05-24T12:45:04", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-11604"]}], "modified": "2019-05-24T12:45:04", "rev": 2}}, "objectVersion": "1.4", "sourceHref": "https://packetstormsecurity.com/files/download/153053/questkacesma9-xss.txt", "sourceData": "`RCE Security Advisory \nhttps://www.rcesecurity.com \n \n \n1. ADVISORY INFORMATION \n======================= \nProduct: Quest KACE Systems Management Appliance \nVendor URL: www.quest.com \nType: Cross-Site Scripting [CWE-79] \nDate found: 2018-09-09 \nDate published: 2019-05-19 \nCVSSv3 Score: 4.7 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N) \nCVE: CVE-2019-11604 \n \n \n2. CREDITS \n========== \nThis vulnerability was discovered and researched by Julien Ahrens from \nRCE Security. \n \n \n3. VERSIONS AFFECTED \n==================== \nQuest KACE Systems Management Appliance 9.0 and below \n \n \n4. INTRODUCTION \n=============== \nThe KACE Systems Management Appliance (SMA) helps you accomplish these goals \nby automating complex administrative tasks and modernizing your unified endpoint \nmanagement approach. This makes it possible for you to inventory all hardware \nand software, patch mission-critical applications and OS, reduce the risk of \nbreach, and assure software license compliance. So you're able to reduce systems \nmanagement complexity and safeguard your vulnerable endpoints. \n \n(from the vendor's homepage) \n \n \n5. VULNERABILITY DETAILS \n======================== \nThe script \"/service/kbot_service_notsoap.php\" is vulnerable to an unauthenticated \nreflected Cross-Site Scripting vulnerability when user-supplied input to the \nHTTP GET parameter \"METHOD\" is processed by the web application. Since the \napplication does not properly validate and sanitize this parameter, it is \npossible to place arbitrary script code onto the same page. \n \nThe following Proof-of-Concept triggers this vulnerability: \nhttps://127.0.0.1/service/kbot_service_notsoap.php?METHOD=<script>alert(document.domain)</script> \n \n \n6. RISK \n======= \nTo successfully exploit this vulnerability an unauthenticated or authenticated \nuser must be tricked into visiting an arbitrary website. \n \nThe vulnerability can be used to temporarily embed arbitrary script code into the \ncontext of the appliance web interface, which offers a wide range of possible \nattacks such as redirecting the user to a malicious page, spoofing content on the \npage or attacking the browser and its plugins. Since all session-relevant cookies \nare protected by HTTPOnly, it is not possible to hijack sessions. \n \n \n7. SOLUTION \n=========== \nUpdate to Quest KACE Systems Management Appliance 9.1 \n \n \n8. REPORT TIMELINE \n================== \n2018-09-09: Discovery of the vulnerability \n2019-02-28: Tried to notify vendor via their vulnerability report form \nbut unfortunately the WAF protecting the form blocked the \nProof-of-Concept payload \n2019-02-28: Sent another notification without any payloads \n2019-02-28: Vendor response \n2019-03-01: Sent the exploit payload in a separate mail \n2019-03-01: Vendor acknowledges the issue (tracked as K1-20409) which will \nbe fixed in the 9.1 release (released on 2019/04/15) \n2019-03-01: Vendor asks to delay the disclosure to make sure all customers \nhad time to upgrade \n2019-03-13: Requested disclosure extension granted \n2019-04-30: CVE requested from MITRE \n2019-04-30: MITRE assigns CVE-2019-11604 \n2019-05-19: Public disclosure \n \n \n9. REFERENCES \n============= \n- \n \n`\n", "_object_type": "robots.models.packetstorm.PacketstormBulletin", "_object_types": ["robots.models.packetstorm.PacketstormBulletin", "robots.models.base.Bulletin"]}], "thn": [{"id": "THN:B0128DEDB564BABE8F1F4FB5CA41D351", "type": "thn", "bulletinFamily": "info", "title": "Hackers are using Nuclear Exploit Kit to Spread Cryptowall 4.0 Ransomware", "description": "[](<https://4.bp.blogspot.com/-vOAFC7CxxZU/Vlbb4hTCy6I/AAAAAAAAlfQ/ctQMk0T4WBU/s1600/cryptowall-ransomware-malware.jpg>)\n\n_Beware Internet Users!_\n\n \n\n\n**Cryptowall 4.0** \u2013 the newest version of the world's worst Ransomware \u2013 has surfaced in the **Nuclear exploit kit**, one of the most potent exploit kits available in the underground market for hacking into computers.\n\n \n\n\nRansomware threat has emerged as one of the biggest threats to internet users in recent times. Typically, a Ransomware malware encrypts all files on victim\u2019s computer with a strong cryptographic algorithm, then demand a ransom to be paid in Bitcoin (range between $200 and $10,000).\n\n \n\n\nCryptowall is currently among the most widespread and sophisticated family of Ransomware backed by a very robust back-end infrastructure.\n\n \n\n\n**Also Read: **[Anyone can Now Create their Own Ransomware using This Hacking ToolKit](<https://thehackernews.com/2015/08/ransomware-creator-toolkit.html>)\n\n \n\n\nThe recent report dated back to last month suggested that the authors of **Cryptowall 3.0** ransomware virus have managed to raise more than [$325 Million in revenue](<https://thehackernews.com/2015/10/cryptowall-ransomware.html>) in the past year alone.\n\n \n\n\nWith the debut of **Cryptowall 4.0 **at the beginning of this month, ransomware threat has become more sophisticated and advanced as Cryptowall 4.0 is employing \"**vastly improved**\" communications as well as better design code so that it can exploit more vulnerabilities. \n\n \n\n\n### Cryptowall 4.0 Delivered via Nuclear Exploit Kit\n\n \n\n\nNow less than a month after its release, Cryptowall 4.0 ransomware has been spotted to be delivered as part of a **Nuclear Exploit Kit**, according to the security researchers at the SANS Internet Storm Center (ISC).\n\n \n\n\nUntil recently, Cryptowall 4.0 has been distributed only via malicious spam and phishing emails, but now it has been infecting machines via an Exploit Kit.\n\n \n\n\nSANS security researcher **Brad Duncan** wrote in a blog post [published](<https://isc.sans.edu/diary/BizCN+gate+actor+sends+CryptoWall+4.0/20409>) Tuesday that a cyber criminal working off domains belonging to Chinese registrar BizCN has been spreading the Cryptowall 4.0 ransomware via the Nuclear Exploit Kit.\n\n \n\n\nDuncan said the cyber gang, dubbed the \"**BizCN gate actor**\" by him, began distributing the ransomware in payloads from the exploit kit as early as November 20.\n\n \n\n\n**Also Read: **[Free Ransomware Decryption and Malware Removal ToolKit](<https://thehackernews.com/2015/05/ransomware-decryption-software.html>)\n\n \n\n\nDuncan published a whole technical [analysis](<https://isc.sans.edu/diary/BizCN+gate+actor+sends+CryptoWall+4.0/20409>) on the SANS ISC website that shows how Nuclear exploit kit infects a vulnerable Windows host.\n\n> _\"Since this information is now public, the BizCN gate actor may change [their] tactics,\" _Duncan said in the post._ \"However, unless this actor initiates a drastic change, it can always be found again.\"_\n\nCryptowall 4.0 made its debut earlier this month with upgrades that made it even more challenging for victims to recover files from compromised computers than its predecessor. \n\n \n\n\nCryptowall 4.0 now not only encrypts the data in your files but also encrypts the file names as well, with vastly improved communication capabilities.\n\n \n\n\n### What Should You do if You get Infected by Cryptowall 4.0?\n\n \n\n\nOnce your computer is infected by Cryptowall 4.0, unfortunately, there is not much you can do, as the encryption it uses is very strong and almost unbreakable.\n\n \n\n\nThe only options you are left with are:\n\n * Either, Format your computer and restore your data from the backup\n * Or, Pay the Ransom money for decryption key\n\nHowever, we do not advise you to pay ransom as it does not guarantee that you'll get the decryption key and paying ransom would encourage criminal activities as well. \n\n \n\n\n### Prevention is the Best Practice \n\n \n\n\nAs I previously recommended, the best defense measure against Ransomware is creating awareness within the organizations, as well as maintaining backups that are regularly rotated. \n\n \n\n\nMost viruses are introduced by opening infected attachments or clicking on links to malware usually contained in spam emails. \n\n \n\n\nSo, **DO NOT CLICK** on suspicious links provided in emails and attachments from unknown sources. \n\n \n\n\n**Also Read:** [Ransomware Attacks Threaten Wearable Devices and IoTs ](<https://thehackernews.com/2015/08/ransomware-android-smartwatch.html>)\n\n \n\n\nMoreover, ensure that your systems are running the latest version of Antivirus software with up to date malware definitions.\n", "published": "2015-11-25T23:24:00", "modified": "2015-11-26T10:24:30", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://thehackernews.com/2015/11/cryptowall-ransomware-malware.html", "reporter": "Swati Khandelwal", "references": [], "cvelist": [], "lastseen": "2018-01-27T09:17:40", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 1.1, "vector": "NONE", "modified": "2018-01-27T09:17:40", "rev": 2}, "dependencies": {"references": [], "modified": "2018-01-27T09:17:40", "rev": 2}}, "objectVersion": "1.4", "_object_type": "robots.models.thn.ThnBulletin", "_object_types": ["robots.models.thn.ThnBulletin", "robots.models.base.Bulletin"]}], "threatpost": [{"id": "THREATPOST:1793043E6F09126E2F90CE540E1302B7", "hash": "51bf4438070861205a37d3cf206529aa", "type": "threatpost", "bulletinFamily": "info", "title": "Nuclear Exploit Kit Spreading Cryptowall 4.0 Ransomware", "description": "In short order, the newest version of Cryptowall has begun showing up in exploit kits.\n\nThe SANS Internet Storm Center said on Tuesday that an attacker working off domains belonging to Chinese registrar BizCN has been moving the ransomware via the Nuclear Exploit Kit.\n\nSANS ISC handler and Rackspace security engineer Brad Duncan said that until recently, [Cryptowall 4.0](<https://threatpost.com/updated-cryptowall-encrypts-file-names-mocks-victims/115285/>) has been moved almost exclusively via malicious spam and phishing emails. He said this is the first time Cryptowall 4.0 has been infecting machines via an exploit kit.\n\n\u201cI\u2019ve always expected 4.0 to spread and replace CryptoWall 3.0 in all areas. I noticed the same thing when CryptoWall 2.0 replaced the original CryptoWall in 2014. It didn\u2019t happen immediately. It started with malicious spam and moved to exploit kits,\u201d Duncan told Threatpost. \u201cAs criminals start delivering CryptoWall 4.0 through exploit kits, it won\u2019t immediately happen with all exploit kits at the same time. You\u2019ll start seeing it from one actor, then another, and another. At some point everyone will have moved to the new version.\u201d\n\nThe attacker working from the BizCN domains recently switched IP addresses for their gate domians, which are intermediary servers between compromised websites and the server hosting the exploit kit. This actor, Duncan said, uses the Nuclear Exploit Kit to deliver malware.\n\n\u201cGate servers can check for operating system or browser type from the user agent string in the HTTP headers sent by a potential victim. Depending on the user agent string, the Gate server will respond accordingly,\u201d Duncan said. \u201cWith the BizCN gates, when the OS is not Windows, the gate server will respond with a \u2018404 not found\u2019 (no need to waste resources on a host that\u2019s not vulnerable). If the user agent string shows a Windows host, the gate server will return a 200 OK, which will then generate traffic to an EK server.\u201d\n\nDuncan [published an analysis](<https://isc.sans.edu/diary/BizCN+gate+actor+sends+CryptoWall+4.0/20409>) today on the SANS ISC site that includes examples of URL patterns for BizCN gate traffic and other indicators of compromise. The move to Nuclear, Duncan said, won\u2019t be exclusive; he expects other exploit kits, including Angler, to eventually redirect compromised sites their way. He also cautions that attackers will continue moving Cryptowall 4.0 via spam as well.\n\n\u201cThey\u2019re not moving from spam. We\u2019ll still see CryptoWall 4.0 from malicious spam, even as we start seeing it more from exploit kits. This is just version 4.0 spreading and replacing version 3,\u201d Duncan said. \u201cSome criminal groups focus on malicious spam. Other groups use exploit kits.\u201d\n\nCryptowall 4.0 surfaced earlier this month with updates that increase the difficulty of recovering files from compromised computers. Researchers at Bleeping Computer said the biggest change is that the ransomware now encrypts file names, in addition to data. The attackers also updated the ransom note victims are presented with to include mocking language that congratulates the victim for becoming part of the Cryptowall community.\n\nDuncan also noticed some other subtle differences, including a change in the ransom note calling the ransomware Cryptowall not Cryptowall 3.0; also the malware does not check the IP address of an infected host as it had before.\n\n\u201cNetwork traffic for CryptoWall 4.0 looks nearly identical to what we saw with 3.0, except for an absence of an IP address check by the malware,\u201d Duncan said. \u201cAt this time, the snort-based signatures I\u2019ve seen for CryptoWall 3.0 callback traffic are still valid for 4.0.\u201d\n", "published": "2015-11-25T07:00:30", "modified": "2015-12-04T23:20:19", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://threatpost.com/nuclear-exploit-kit-spreading-cryptowall-4-0-ransomware/115479/", "reporter": "Michael Mimoso", "references": ["https://threatpost.com/updated-cryptowall-encrypts-file-names-mocks-victims/115285/", "https://isc.sans.edu/diary/BizCN+gate+actor+sends+CryptoWall+4.0/20409"], "cvelist": [], "lastseen": "2018-10-06T22:56:02", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 0.5, "vector": "NONE", "modified": "2018-10-06T22:56:02", "rev": 2}, "dependencies": {"references": [{"type": "threatpost", "idList": ["THREATPOST:F094DDBFB06A677D3A9945D478DB1DD3"]}], "modified": "2018-10-06T22:56:02", "rev": 2}}, "objectVersion": "1.4", "_object_type": "robots.models.threatpost.ThreatpostBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.threatpost.ThreatpostBulletin"]}], "securityvulns": [{"id": "SECURITYVULNS:VULN:14753", "bulletinFamily": "software", "title": "PHP security vulnerabilities", "description": "PHAR extension DoS.", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "type": "securityvulns", "lastseen": "2021-06-08T19:08:49", "history": [{"bulletin": {"affectedSoftware": [{"name": "PHP", "operator": "eq", "version": "5.6"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "PHAR extension DoS.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:10:03", "references": [{"idList": ["ALAS-2015-602", "ALAS-2015-601"], "type": "amazon"}, {"idList": ["CVE-2015-7803", "CVE-2015-7804"], "type": "cve"}, {"idList": ["H1:103990", "H1:104008"], "type": "hackerone"}, {"idList": ["SECURITYVULNS:DOC:32651"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310806649", "OPENVAS:1361412562310806648", "OPENVAS:703380", "OPENVAS:1361412562310120520", "OPENVAS:1361412562310842508", "OPENVAS:1361412562310807000", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310703380", "OPENVAS:1361412562310120396", "OPENVAS:1361412562311220191984"], "type": "openvas"}, {"idList": ["RHSA-2016:0457"], "type": "redhat"}, {"idList": ["SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1", "SUSE-SU-2016:1581-1"], "type": "suse"}, {"idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"], "type": "debian"}, {"idList": ["USN-2786-1"], "type": "ubuntu"}, {"idList": ["SSA-2016-034-04"], "type": "slackware"}, {"idList": ["GLSA-201606-10"], "type": "gentoo"}, {"idList": ["ALA_ALAS-2015-602.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "UBUNTU_USN-2786-1.NASL", "PHP_5_6_14.NASL", "SUSE_SU-2016-0284-1.NASL", "PHP_5_5_30.NASL", "SLACKWARE_SSA_2016-034-04.NASL", "OPENSUSE-2016-100.NASL", "ALA_ALAS-2015-601.NASL", "DEBIAN_DSA-3380.NASL"], "type": "nessus"}, {"idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"], "type": "freebsd"}, {"idList": ["F5:K17503", "SOL17503"], "type": "f5"}, {"idList": ["CLSA-2020:1605798462"], "type": "cloudlinux"}], "rev": 2}, "score": {"modified": "2018-08-31T11:10:03", "rev": 2, "value": 7.4, "vector": "NONE"}}, "hash": "5bebcb6b83df2b42d069178c1e9ea73c038f8703bc95cf2b81c683a8d0d17ff6", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "94aee96d0a33ff770af1ab8e308073f0", "key": "cvelist"}, {"hash": "c514412540c1e967450f03283e4ed180", "key": "references"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "5c799165d68e636bd0726587ae899c0d", "key": "description"}, {"hash": "6d2dcaed858380d54d5782ad38c55586", "key": "affectedSoftware"}, {"hash": "2c5cca82a8670da097919f6160833daf", "key": "reporter"}, {"hash": "b3b8db0e3c7acd6c3190db6f8e88e96b", "key": "href"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "modified"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "3a18a828bc11b79a70839be146b3b5a3", "key": "title"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "published"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "id": "SECURITYVULNS:VULN:14753", "immutableFields": [], "lastseen": "2018-08-31T11:10:03", "modified": "2015-11-02T00:00:00", "objectVersion": "1.5", "published": "2015-11-02T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "reporter": "BUGTRAQ", "title": "PHP security vulnerabilities", "type": "securityvulns", "viewCount": 212}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:10:03"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "1858c8bfb7eb8aace48fa57059397c29"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "94aee96d0a33ff770af1ab8e308073f0"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "5c799165d68e636bd0726587ae899c0d"}, {"key": "href", "hash": "b3b8db0e3c7acd6c3190db6f8e88e96b"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "c514412540c1e967450f03283e4ed180"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "3a18a828bc11b79a70839be146b3b5a3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "8859a40c26baff900b73dab92cbb6fd72e9b8dcbbd9acc6d613b18d55563796e", "viewCount": 222, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K17503", "SOL17503"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7803", "UB:CVE-2015-7804"]}, {"type": "cve", "idList": ["CVE-2015-7803", "CVE-2015-7804"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191984", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310806649", "OPENVAS:1361412562310120520", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562310703380", "OPENVAS:703380", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562310807000", "OPENVAS:1361412562310806648", "OPENVAS:1361412562310120396", "OPENVAS:1361412562310842508"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-602.NASL", "DEBIAN_DSA-3380.NASL", "EULEROS_SA-2019-2649.NASL", "PHP_5_5_30.NASL", "UBUNTU_USN-2786-1.NASL", "OPENSUSE-2016-100.NASL", "SUSE_SU-2016-1581-1.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "OPENSUSE-2016-157.NASL", "EULEROS_SA-2019-1984.NASL", "MACOSX_SECUPD2015-008.NASL", "9325.PRM", "SLACKWARE_SSA_2016-034-04.NASL", "EULEROS_SA-2019-2438.NASL", "SUSE_SU-2016-1638-1.NASL", "WEB_APPLICATION_SCANNING_98806", "GENTOO_GLSA-201606-10.NASL", "8956.PRM", "SUSE_SU-2016-0284-1.NASL", "MACOSX_10_11_2.NASL", "SUSE_SU-2016-1145-1.NASL", "PHP_5_6_14.NASL", "DEBIAN_DLA-341.NASL", "ALA_ALAS-2015-601.NASL", "PFSENSE_SA-15_08.NASL", "EULEROS_SA-2020-1747.NASL"]}, {"type": "freebsd", "idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32651"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"]}, {"type": "ubuntu", "idList": ["USN-2786-1"]}, {"type": "slackware", "idList": ["SSA-2016-034-04"]}, {"type": "hackerone", "idList": ["H1:104008", "H1:103990"]}, {"type": "amazon", "idList": ["ALAS-2015-602", "ALAS-2015-601"]}, {"type": "redhat", "idList": ["RHSA-2016:0457"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1581-1", "SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}], "modified": "2021-06-08T19:08:49", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2021-06-08T19:08:49", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "php", "operator": "eq", "version": "5.6"}], "immutableFields": [], "scheme": null, "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32651", "bulletinFamily": "software", "title": "[USN-2786-1] PHP vulnerabilities", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2786-1\r\nOctober 28, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nPHP could be made to crash if it processed a specially crafted file.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nIt was discovered that the PHP phar extension incorrectly handled certain\r\nfiles. A remote attacker could use this issue to cause PHP to crash,\r\nresulting in a denial of service. (CVE-2015-7803, CVE-2015-7804)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1\r\n php5-cgi 5.6.11+dfsg-1ubuntu3.1\r\n php5-cli 5.6.11+dfsg-1ubuntu3.1\r\n php5-fpm 5.6.11+dfsg-1ubuntu3.1\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.4\r\n php5-cli 5.6.4+dfsg-4ubuntu6.4\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.4\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.14\r\n php5-cli 5.5.9+dfsg-1ubuntu4.14\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.14\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.21\r\n php5-cgi 5.3.10-1ubuntu3.21\r\n php5-cli 5.3.10-1ubuntu3.21\r\n php5-fpm 5.3.10-1ubuntu3.21\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2786-1\r\n CVE-2015-7803, CVE-2015-7804\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32651", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "94aee96d0a33ff770af1ab8e308073f0"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "7591a4414fab4e00d545d96f67923bfe"}, {"key": "href", "hash": "91f326dd520bc78a7e8becd3c39b6be5"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "29738b7846c783fb3a4f2a49b7c4ccd3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "d2381bcd69ce89f633080a3b3bcd22d9c6038a3c2512d85530ef0a4ad6a45bd8", "viewCount": 181, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "f5", "idList": ["F5:K17503", "SOL17503"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7803", "UB:CVE-2015-7804"]}, {"type": "cve", "idList": ["CVE-2015-7803", "CVE-2015-7804"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191984", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310806649", "OPENVAS:1361412562310120520", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562310703380", "OPENVAS:703380", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562310807000", "OPENVAS:1361412562310806648", "OPENVAS:1361412562310120396", "OPENVAS:1361412562310842508"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-602.NASL", "DEBIAN_DSA-3380.NASL", "EULEROS_SA-2019-2649.NASL", "PHP_5_5_30.NASL", "UBUNTU_USN-2786-1.NASL", "OPENSUSE-2016-100.NASL", "SUSE_SU-2016-1581-1.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "OPENSUSE-2016-157.NASL", "EULEROS_SA-2019-1984.NASL", "MACOSX_SECUPD2015-008.NASL", "9325.PRM", "SLACKWARE_SSA_2016-034-04.NASL", "EULEROS_SA-2019-2438.NASL", "SUSE_SU-2016-1638-1.NASL", "WEB_APPLICATION_SCANNING_98806", "GENTOO_GLSA-201606-10.NASL", "8956.PRM", "SUSE_SU-2016-0284-1.NASL", "MACOSX_10_11_2.NASL", "SUSE_SU-2016-1145-1.NASL", "PHP_5_6_14.NASL", "DEBIAN_DLA-341.NASL", "ALA_ALAS-2015-601.NASL", "PFSENSE_SA-15_08.NASL", "EULEROS_SA-2020-1747.NASL"]}, {"type": "ubuntu", "idList": ["USN-2786-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14753"]}, {"type": "freebsd", "idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"]}, {"type": "slackware", "idList": ["SSA-2016-034-04"]}, {"type": "hackerone", "idList": ["H1:104008", "H1:103990"]}, {"type": "amazon", "idList": ["ALAS-2015-602", "ALAS-2015-601"]}, {"type": "redhat", "idList": ["RHSA-2016:0457"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1581-1", "SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32654", "bulletinFamily": "software", "title": "[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite - XXE injection\r\nAdvisory ID: [ERPSCAN-15-029]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\nDate published: 21.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: XML External Entity [CWE-611]\r\nImpact: information disclosure, DoS, SSRF, NTLM relay\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4849\r\nCVSS Information\r\nCVSS Base Score: 6.8 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Medium (M)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability Partial (P)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\n1) An attacker can read an arbitrary file on a server by sending a\r\ncorrect XML request with a crafted DTD and reading the response from\r\nthe service.\r\n2) An attacker can perform a DoS attack (for example, XML Entity Expansion).\r\n3) An SMB Relay attack is a type of Man-in-the-Middle attack where the\r\nattacker asks the victim to authenticate into a machine controlled by\r\nthe attacker, then relays the credentials to the target. The attacker\r\nforwards the authentication information both ways and gets access.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nVulnerable servlet:\r\n/OA_HTML/IspPunchInServlet\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32654", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4849"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "05f33ecfa6c5da775ada7be0946e9c35"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "e069b6a0eb846de58d51f6f1caccd76e"}, {"key": "href", "hash": "a034a18d00b9b8f4a3448812c0519f69"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "c9c62536a7dbd3fac9ecbf649050cab1"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "c4015e5d0067bf08940e133c4477451e433581d60a4c9b7745f8b69fced90c4c", "viewCount": 168, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4849"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-029"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14755"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2015"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32658", "bulletinFamily": "software", "title": "[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite Cross-site Scripting\r\nAdvisory ID: [ERPSCAN-15-027]\r\nAdvisory URL:http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: Cross-site Scripting\r\nImpact: impersonation, information disclosure\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4854\r\nCVSS Information\r\nCVSS Base Score: 4.3 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) Medium (M)\r\nAu : Authentication (Level of authentication needed to exploit) None (N)\r\nC : Impact to Confidentiality None (N)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability None (N)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nAn anonymous attacker can create a special link that injects malicious JS code\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.4\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nCfgOCIReturn servlet is vulnerable to Cross-site Scripting (XSS) due\r\nto lack of sanitizing the "domain" parameter.\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32658", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4854"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "4b5a683c958427d1f139ea46960c1f77"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "ac4e2716cd1f40662335b0c2baefa8ac"}, {"key": "href", "hash": "793234d92076d083ca1ba3d060535b33"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "5015d42a9a849429bfd5eccdc891f977"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "d412a2c5f1d57e01c882336bd5b7b03d9bbc5e601468b64828936dded249a019", "viewCount": 182, "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4854"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-027"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015", "ORACLE:CPUOCT2015-2367953"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32657", "bulletinFamily": "software", "title": "[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite SQL injection\r\nAdvisory ID: [ERPSCAN-15-026]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: SQL injection\r\nImpact: SQL injection, RCE\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4846\r\nCVSS Information\r\nCVSS Base Score: 3.6 / 10\r\nAV : Access Vector (Related exploit range) Network (N)\r\nAC : Access Complexity (Required attack complexity) High (H)\r\nAu : Authentication (Level of authentication needed to exploit) Single (S)\r\nC : Impact to Confidentiality Partial (P)\r\nI : Impact to Integrity Partial (P)\r\nA : Impact to Availability None (N)\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nThe problem is caused by an SQL injection vulnerability. The code\r\ncomprises an SQL statement that contains strings that can be altered\r\nby an attacker. The manipulated SQL statement can then be used to\r\nretrieve additional data from the database or to modify the data.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3, 12.1.4\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov (ERPScan)\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nOne of SQL extensions (afamexts.sql) does not filter user input values\r\nwhich may lead to SQL injection. The only defense mechanism is a\r\npassword for APPS. If an attacker knows the password (for example,\r\ndefault password APPS/APPS), he will be able to exploit SQL injection\r\nwith high privilege.\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions (200 of them just in SAP!).\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities (TOP 10 Web Hacking Techniques 2012) and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 3.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32657", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4846"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "2028f4e78a559d181736340a0b1d147d"}, {"key": "cvss", "hash": "2cbf8392c8ba6ad3fc64242f5a2d3294"}, {"key": "description", "hash": "0003d17d2e87c7e0ff565bcbf5cb29db"}, {"key": "href", "hash": "3b52d758a08f078f46108d7d53e82563"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "79450712fbf162b7be89a44b998f0b41"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "b741a8a189c11460c107071162d0ca6a5c37837c88eb3e8aa27aacd53d2530d3", "viewCount": 165, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4846"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-026"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14755"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2015"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:VULN:14720", "bulletinFamily": "software", "title": "apport security vulnerabilities", "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32660", "https://vulners.com/securityvulns/securityvulns:doc:32549"], "cvelist": ["CVE-2015-1338"], "type": "securityvulns", "lastseen": "2021-06-08T18:47:21", "history": [{"bulletin": {"affectedSoftware": [{"name": "Apport", "operator": "eq", "version": "2.18"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-1338"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:10:02", "references": [{"idList": ["1337DAY-ID-24318"], "type": "zdt"}, {"idList": ["EDB-ID:38353"], "type": "exploitdb"}, {"idList": ["SUSE_SU-2017-1938-1.NASL", "UBUNTU_USN-2744-1.NASL"], "type": "nessus"}, {"idList": ["USN-2744-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310842461"], "type": "openvas"}, {"idList": ["CVE-2015-1338"], "type": "cve"}, {"idList": ["SECURITYVULNS:DOC:32549", "SECURITYVULNS:DOC:32660"], "type": "securityvulns"}], "rev": 2}, "score": {"modified": "2018-08-31T11:10:02", "rev": 2, "value": 6.3, "vector": "NONE"}}, "hash": "1fa5005708a149c7c59442ee368563a06ac60940d1520936b1bdf2bc66d28119", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "f2f10dc547bbfec7457259bd6d7e047e", "key": "affectedSoftware"}, {"hash": "c40e388f6268f3ea89c15217ff7a389f", "key": "href"}, {"hash": "5ed00cd4fde4dff0aae89dbca81d74db", "key": "references"}, {"hash": "bc78879f0f9131664d05d93df6e74e24", "key": "description"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "6ba287598210482dd32c01dba6343482", "key": "title"}, {"hash": "2c5cca82a8670da097919f6160833daf", "key": "reporter"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "modified"}, {"hash": "c673ee2fdc72d8a4f67ca23a54ca10e5", "key": "cvelist"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "published"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "id": "SECURITYVULNS:VULN:14720", "immutableFields": [], "lastseen": "2018-08-31T11:10:02", "modified": "2015-11-02T00:00:00", "objectVersion": "1.5", "published": "2015-11-02T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32660", "https://vulners.com/securityvulns/securityvulns:doc:32549"], "reporter": "BUGTRAQ", "title": "apport security vulnerabilities", "type": "securityvulns", "viewCount": 486}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:10:02"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "c063ed29dc851cbe70ebf2ae9876b01e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "c673ee2fdc72d8a4f67ca23a54ca10e5"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "bc78879f0f9131664d05d93df6e74e24"}, {"key": "href", "hash": "c40e388f6268f3ea89c15217ff7a389f"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "5ed00cd4fde4dff0aae89dbca81d74db"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "6ba287598210482dd32c01dba6343482"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "6a476b22964ed9af13d180099f91a74f2789ce11576be85b9f99a47748d85438", "viewCount": 496, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2015-1338"]}, {"type": "cve", "idList": ["CVE-2015-1338"]}, {"type": "exploitdb", "idList": ["EDB-ID:38353"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842461"]}, {"type": "zdt", "idList": ["1337DAY-ID-24318"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32660", "SECURITYVULNS:DOC:32549"]}, {"type": "ubuntu", "idList": ["USN-2744-1"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2744-1.NASL", "SUSE_SU-2017-1938-1.NASL"]}], "modified": "2021-06-08T18:47:21", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-06-08T18:47:21", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "apport", "operator": "eq", "version": "2.18"}], "immutableFields": [], "scheme": null, "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32652", "bulletinFamily": "software", "title": "[USN-2787-1] audiofile vulnerability", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2787-1\r\nOctober 28, 2015\r\n\r\naudiofile vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\naudiofile could be made to crash or run programs as your login if it\r\nopened a specially crafted file.\r\n\r\nSoftware Description:\r\n- audiofile: Open-source version of the SGI audiofile library\r\n\r\nDetails:\r\n\r\nFabrizio Gennari discovered that audiofile incorrectly handled changing\r\nboth the sample format and the number of channels. If a user or automated\r\nsystem were tricked into processing a specially crafted file, audiofile\r\ncould be made to crash, leading to a denial of service, or possibly execute\r\narbitrary code.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libaudiofile1 0.3.6-2ubuntu0.15.10.1\r\n\r\nUbuntu 15.04:\r\n libaudiofile1 0.3.6-2ubuntu0.15.04.1\r\n\r\nUbuntu 14.04 LTS:\r\n libaudiofile1 0.3.6-2ubuntu0.14.04.1\r\n\r\nUbuntu 12.04 LTS:\r\n libaudiofile1 0.3.3-2ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2787-1\r\n CVE-2015-7747\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.10.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.14.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.3-2ubuntu0.1\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32652", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-7747"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "50c023fd612f4a3919caafafd70af1c7"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "e1b942ed5a7d4bd7fdbdd4d984bbcfa8"}, {"key": "href", "hash": "87f14b8fbd08732c6a73b13d46fe98ee"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "e9b921c5bed1ed652b982edc288318b4"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "2d5a85403cc62aca18c0b34cea5aabc8d0bf0116ed796c96ad83efa605c5584f", "viewCount": 339, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2015-7747"]}, {"type": "cve", "idList": ["CVE-2015-7747"]}, {"type": "fedora", "idList": ["FEDORA:476D76074A70", "FEDORA:AC00060E6E18"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842506", "OPENVAS:1361412562310131103", "OPENVAS:1361412562310806796"]}, {"type": "ubuntu", "idList": ["USN-2787-1"]}, {"type": "nessus", "idList": ["SUSE_SU-2017-0940-1.NASL", "OPENSUSE-2015-698.NASL", "UBUNTU_USN-2787-1.NASL", "FEDORA_2015-605CD28F33.NASL", "FEDORA_2015-4BC7688B3E.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14754"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3877"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32660", "bulletinFamily": "software", "title": "[USN-2782-1] Apport vulnerability", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2782-1\r\nOctober 27, 2015\r\n\r\napport vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nApport could be made to run programs as an administrator.\r\n\r\nSoftware Description:\r\n- apport: automatically generate crash reports for debugging\r\n\r\nDetails:\r\n\r\nGabriel Campana discovered that Apport incorrectly handled Python module\r\nimports. A local attacker could use this issue to elevate privileges.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n apport 2.19.1-0ubuntu4\r\n\r\nUbuntu 15.04:\r\n apport 2.17.2-0ubuntu1.7\r\n\r\nUbuntu 14.04 LTS:\r\n apport 2.14.1-0ubuntu3.18\r\n\r\nUbuntu 12.04 LTS:\r\n apport 2.0.1-0ubuntu17.13\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2782-1\r\n CVE-2015-1341\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/apport/2.19.1-0ubuntu4\r\n https://launchpad.net/ubuntu/+source/apport/2.17.2-0ubuntu1.7\r\n https://launchpad.net/ubuntu/+source/apport/2.14.1-0ubuntu3.18\r\n https://launchpad.net/ubuntu/+source/apport/2.0.1-0ubuntu17.13\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32660", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-1341"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "8f49c49cf517447776f8becbe7916610"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "67dffb644bd6572ab0e644ffec4f8a3d"}, {"key": "href", "hash": "d0b126369a0f5b3d6c7e71db9fa232a5"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "874f3cf5f97e14a7710794ca3a33d6b6"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "7aa6be6084a2337a91bd0bd8527d0eafc3a8d4e537ffb27c8af1a86889efc06d", "viewCount": 209, "enchantments": {"score": {"value": 5.2, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2015-1341"]}, {"type": "cve", "idList": ["CVE-2015-1341"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842505"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2782-1.NASL"]}, {"type": "ubuntu", "idList": ["USN-2782-1"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}]}
