CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
90.5%
This high severity Patch Management vulnerability was introduced in version 7.13.15 of Confluence Data Center & Server.
This Patch Management vulnerability, with CVSS Score(s) of 7.5, allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has no impact to confidentiality, no impact to integrity, high impact to availability, and requires no user interaction.
The following Confluence Data Center & Server versions are affected:
>= 7.13.15 < 7.13.19
>= 7.19.7 < 7.19.11
>= 8.1.1 < 8.4.1
Atlassian recommends that you upgrade your instance to latest version, if you’re unable to do so, upgrade to these fixed versions: 7.13.19, 7.19.11, 8.4.1. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center & Server from the download center ([https://www.atlassian.com/software/confluence/download-archives]).
The following is the listed NVD description for this vulnerability’s CVE:
Vendor | Product | Version | CPE |
---|---|---|---|
atlassian | confluence_data_center | * | cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:* |