Lucene search
HistoryFeb 13, 2017 - 4:43 a.m.
Multiple Vulnerabilities in JIRA Workflow Servlet
0.023 Low
EPSS
Percentile
89.8%
||Affected Versions||
|4.2.4 <= version < 6.3.0|
An anonymous user can perform multiple attacks on a vulnerable JIRA instance that could cause remote code execution, the disclosure of private files or execute a denial of service attack against the JIRA server. This vulnerability is caused by the way an XML parser and deserializer was used in JIRA.
For additional details see the [full advisory|https://confluence.atlassian.com/x/vzBoN].
| CPE | Name | Operator | Version |
|---|---|---|---|
| jira (including jira core) | le | 4.2.4 | |
| jira (including jira core) | lt | 6.3 | |
| jira (including jira core) | le | 6.2.7 |
Related
cvelist
cvelist
CVE-2017-5983
2017-04-10 15:00:00
nvd
nvd
CVE-2017-5983
2017-04-10 15:59:00
openvas
openvas
Atlassian JIRA XXE / Deserialization Vulnerability
2017-04-18 00:00:00
nessus
nessus
Atlassian JIRA 4.2.4 < 6.3.0 Multiple Vulnerabilities
2017-05-16 00:00:00
atlassian
atlassian
Multiple Vulnerabilities in JIRA Workflow Servlet
2017-02-13 04:43:51
Multiple Vulnerabilities in JIRA Workflow Servlet
2017-02-13 04:43:51
cve
cve
CVE-2017-5983
2017-04-10 15:59:00
prion
prion
Code injection
2017-04-10 15:59:00
threatpost
threatpost
VMWare Fixes Critical RCE in vCenter Server
2017-04-17 12:05:26
seebug
seebug
AMF3 Java implementations deserialization Vulnerability
2017-04-06 00:00:00
myhack58
myhack58
