Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-39114


Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.


Published

2022-04-05T04:15:08.707

Last Modified

2024-11-21T06:18:36.020

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-94
  • Type: Secondary
    CWE-94

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application atlassian confluence_data_center < 6.13.23 Yes
Application atlassian confluence_data_center < 7.4.11 Yes
Application atlassian confluence_data_center < 7.11.6 Yes
Application atlassian confluence_data_center < 7.12.5 Yes
Application atlassian confluence_server < 6.13.23 Yes
Application atlassian confluence_server < 7.4.11 Yes
Application atlassian confluence_server < 7.11.6 Yes
Application atlassian confluence_server < 7.12.5 Yes

References