{"containers": {"cna": {"affected": [{"product": "Confluence Server", "vendor": "Atlassian", "versions": [{"lessThan": "7.4.10", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.5.0", "versionType": "custom"}, {"lessThan": "7.12.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Confluence Data Center", "vendor": "Atlassian", "versions": [{"lessThan": "7.4.10", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "affected", "version": "7.5.0", "versionType": "custom"}, {"lessThan": "7.12.3", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-11-26T00:00:00", "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-427", "description": "Uncontrolled Search Path Element (CWE-427)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-07T00:25:08", "orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://jira.atlassian.com/browse/CONFSERVER-66550"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2021-11-26T00:00:00", "ID": "CVE-2021-43940", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Confluence Server", "version": {"version_data": [{"version_affected": "<", "version_value": "7.4.10"}, {"version_affected": ">=", "version_value": "7.5.0"}, {"version_affected": "<", "version_value": "7.12.3"}]}}, {"product_name": "Confluence Data Center", "version": {"version_data": [{"version_affected": "<", "version_value": "7.4.10"}, {"version_affected": ">=", "version_value": "7.5.0"}, {"version_affected": "<", "version_value": "7.12.3"}]}}]}, "vendor_name": "Atlassian"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Uncontrolled Search Path Element (CWE-427)"}]}]}, "references": {"reference_data": [{"name": "https://jira.atlassian.com/browse/CONFSERVER-66550", "refsource": "MISC", "url": "https://jira.atlassian.com/browse/CONFSERVER-66550"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:10:17.171Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.atlassian.com/browse/CONFSERVER-66550"}]}, {"affected": [{"vendor": "atlassian", "product": "confluence_data_center", "cpes": ["cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "7.4.10", "versionType": "custom"}, {"version": "7.5.0", "status": "affected", "lessThan": "7.12.3", "versionType": "custom"}]}, {"vendor": "atlassian", "product": "confluence_server", "cpes": ["cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "7.4.10", "versionType": "custom"}, {"version": "7.5.0", "status": "affected", "lessThan": "7.12.3", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T16:35:44.027223Z", "id": "CVE-2021-43940", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T16:38:51.537Z"}}]}, "cveMetadata": {"assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "assignerShortName": "atlassian", "cveId": "CVE-2021-43940", "datePublished": "2022-02-15T03:15:09.899432Z", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-10-08T16:38:51.537Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://jira.atlassian.com/browse/CONFSERVER-66550", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:10:17.171Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-43940", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-08T16:35:44.027223Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "confluence_data_center", "versions": [{"status": "affected", "version": "0", "lessThan": "7.4.10", "versionType": "custom"}, {"status": "affected", "version": "7.5.0", "lessThan": "7.12.3", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*"], "vendor": "atlassian", "product": "confluence_server", "versions": [{"status": "affected", "version": "0", "lessThan": "7.4.10", "versionType": "custom"}, {"status": "affected", "version": "7.5.0", "lessThan": "7.12.3", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T16:38:44.660Z"}}], "cna": {"affected": [{"vendor": "Atlassian", "product": "Confluence Server", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "7.4.10", "versionType": "custom"}, {"status": "affected", "version": "7.5.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.12.3", "versionType": "custom"}]}, {"vendor": "Atlassian", "product": "Confluence Data Center", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "7.4.10", "versionType": "custom"}, {"status": "affected", "version": "7.5.0", "lessThan": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "unspecified", "lessThan": "7.12.3", "versionType": "custom"}]}], "datePublic": "2021-11-26T00:00:00", "references": [{"url": "https://jira.atlassian.com/browse/CONFSERVER-66550", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-427", "description": "Uncontrolled Search Path Element (CWE-427)"}]}], "providerMetadata": {"orgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "shortName": "atlassian", "dateUpdated": "2022-03-07T00:25:08"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "7.4.10", "version_affected": "<"}, {"version_value": "7.5.0", "version_affected": ">="}, {"version_value": "7.12.3", "version_affected": "<"}]}, "product_name": "Confluence Server"}, {"version": {"version_data": [{"version_value": "7.4.10", "version_affected": "<"}, {"version_value": "7.5.0", "version_affected": ">="}, {"version_value": "7.12.3", "version_affected": "<"}]}, "product_name": "Confluence Data Center"}]}, "vendor_name": "Atlassian"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://jira.atlassian.com/browse/CONFSERVER-66550", "name": "https://jira.atlassian.com/browse/CONFSERVER-66550", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Uncontrolled Search Path Element (CWE-427)"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-43940", "STATE": "PUBLIC", "ASSIGNER": "security@atlassian.com", "DATE_PUBLIC": "2021-11-26T00:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2021-43940", "state": "PUBLISHED", "dateUpdated": "2024-10-08T16:38:51.537Z", "dateReserved": "2021-11-16T00:00:00", "assignerOrgId": "f08a6ab8-ed46-4c22-8884-d911ccfe3c66", "datePublished": "2022-02-15T03:15:09.899432Z", "assignerShortName": "atlassian"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "83557716-7A48-48D5-85A9-4A29DBF4F511", "versionEndExcluding": "7.4.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A310D77-1FFF-4FFE-AD50-75DFF973EB3F", "versionEndExcluding": "7.12.3", "versionStartIncluding": "7.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BA04112-3B97-491B-93E6-80C444274430", "versionEndExcluding": "7.4.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1148DF0-42C0-435F-A6EB-EFA93E10E8D7", "versionEndExcluding": "7.12.3", "versionStartIncluding": "7.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3."}, {"lang": "es", "value": "Las versiones afectadas de Atlassian Confluence Server y Data Center permiten a los atacantes locales autentificados conseguir privilegios elevados en el sistema local a trav\u00e9s de una vulnerabilidad de DLL Hijacking en el instalador de Confluence. Esta vulnerabilidad s\u00f3lo afecta a las instalaciones de Confluence Server y Data Center en Windows. Las versiones afectadas son anteriores a la versi\u00f3n 7.4.10, y desde la versi\u00f3n 7.5.0 hasta la versi\u00f3n7.12.3"}], "id": "CVE-2021-43940", "lastModified": "2024-11-21T06:30:02.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-02-15T04:15:07.177", "references": [{"source": "security@atlassian.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/CONFSERVER-66550"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.atlassian.com/browse/CONFSERVER-66550"}], "sourceIdentifier": "security@atlassian.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-427"}], "source": "security@atlassian.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-427"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}