Atlassian Jira_service_management
16 CVEs affecting Atlassian Jira_service_management. Latest disclosed: 2024-05-21. Critical: 5, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-26136 | Critical | 9.8 | 2022-07-20 | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impa… |
CVE-2022-0540 | Critical | 9.8 | 2022-04-20 | A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atl… |
CVE-2020-36239 | Critical | 9.8 | 2021-07-29 | Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Ji… |
CVE-2019-13990 | Critical | 9.8 | 2019-07-26 | initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. |
CVE-2023-22501 | Critical | 9.1 | 2023-02-01 | An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain… |
CVE-2024-21683 | High | 8.8 | 2024-05-21 | This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Executi… |
CVE-2022-26137 | High | 8.8 | 2022-07-20 | A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application… |
CVE-2021-39115 | High | 7.2 | 2021-09-01 | Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Jav… |
CVE-2022-26135 | Medium | 6.5 | 2022-06-30 | A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to p… |
CVE-2021-43959 | Medium | 5.7 | 2022-07-26 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network re… |
CVE-2021-43943 | Medium | 4.8 | 2022-02-24 | Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject arbitrary HTML or JavaScr… |
CVE-2022-36800 | Medium | 4.3 | 2022-08-03 | Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via a… |
CVE-2021-43948 | Medium | 4.3 | 2022-02-15 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an… |
CVE-2021-43950 | Medium | 4.3 | 2022-02-15 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source configuration informat… |
CVE-2021-43951 | Medium | 4.3 | 2022-01-10 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details… |
CVE-2021-43949 | Medium | 4.3 | 2022-01-10 | Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access… |