Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://jira.atlassian.com/browse/CONFSERVER-68844 |
History
Mon, 07 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: atlassian
Published: 2022-04-05T04:00:18.966826Z
Updated: 2024-10-04T19:06:17.769Z
Reserved: 2021-08-16T00:00:00
Link: CVE-2021-39114
Vulnrichment
Updated: 2024-08-04T01:58:17.751Z
NVD
Status : Modified
Published: 2022-04-05T04:15:08.707
Modified: 2024-11-21T06:18:36.020
Link: CVE-2021-39114
Redhat
No data.