Description

Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

Remediation

References

CVE-2021-39114

Related Vulnerabilities

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1488)

WordPress Plugin UpiCRM-Free WordPress CRM and Lead Management Information Disclosure (2.1.8.5)

Drupal Core 4.7.x Multiple Vulnerabilities (4.7.0 - 4.7.1)

WordPress Plugin Bookly #1 WordPress Booking Plugin (Lite Version) Cross-Site Scripting (14.4)

WebLogic CVE-2020-2547 Vulnerability (CVE-2020-2547)

Severity

High

Classification

CVE-2021-39114 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities