HIGH🇵🇱 Wersja polska

CVE-2021-39115

CVSS 7.2v3.1pub. 2021-09-01upd. 2024-11-21

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Atlassian Jira Service Desk

    APP
    Atlassian
    < 4.13.9
  • Atlassian Jira Service Management

    APP
    Atlassian
    4.14.0 – 4.18.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-22501CRITICAL9.1ten sam produkt

An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows ...

CVE-2022-26136CRITICAL9.8ten sam produkt

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Fil...

CVE-2022-0540CRITICAL9.8ten sam produkt

A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a...

CVE-2020-36239CRITICAL9.8ten sam produkt

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6....

CVE-2019-13990CRITICAL9.8ten sam produkt

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows ...