cbcvebase.
CVE-2021-39114
published 2022-04-05

CVE-2021-39114: Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary…

high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

Affected

22 ranges
VendorProductVersion rangeFixed in
atlassianconfluence_data_center< 6.13.236.13.23
atlassianconfluence_data_center>= 6.14.0 < unspecifiedunspecified
atlassianconfluence_data_center>= 6.14.0 < 7.4.117.4.11
atlassianconfluence_data_center>= 7.12.0 < unspecifiedunspecified
atlassianconfluence_data_center>= 7.12.0 < 7.12.57.12.5
atlassianconfluence_data_center>= 7.5.0 < unspecifiedunspecified
atlassianconfluence_data_center>= 7.5.0 < 7.11.67.11.6
atlassianconfluence_data_center>= unspecified < 6.13.236.13.23
atlassianconfluence_data_center>= unspecified < 7.4.117.4.11
atlassianconfluence_data_center>= unspecified < 7.11.67.11.6
atlassianconfluence_data_center>= unspecified < 7.12.57.12.5
atlassianconfluence_server< 6.13.236.13.23
atlassianconfluence_server>= 6.14.0 < unspecifiedunspecified
atlassianconfluence_server>= 6.14.0 < 7.4.117.4.11
atlassianconfluence_server>= 7.12.0 < unspecifiedunspecified
atlassianconfluence_server>= 7.12.0 < 7.12.57.12.5
atlassianconfluence_server>= 7.5.0 < unspecifiedunspecified
atlassianconfluence_server>= 7.5.0 < 7.11.67.11.6
atlassianconfluence_server>= unspecified < 6.13.236.13.23
atlassianconfluence_server>= unspecified < 7.4.117.4.11
atlassianconfluence_server>= unspecified < 7.11.67.11.6
atlassianconfluence_server>= unspecified < 7.12.57.12.5

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv8.8HIGH