CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43951
https://notcve.org/view.php?id=CVE-2021-43951
10 Jan 2022 — Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature. The affected versions are before version 4.21.0. Las versiones afectadas de Atlassian Jira Service Management Server y Data Center permiten a atacantes remotos autenticados visualizar los detalles de la configuración de importación de objetos por medio de una vulner... • https://jira.atlassian.com/browse/JSDSERVER-10984 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 17%CPEs: 4EXPL: 1CVE-2021-39115
https://notcve.org/view.php?id=CVE-2021-39115
01 Sep 2021 — Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0. Las versiones afectadas de Atlassian Jira Service Management Server y Data Center permiten a atacantes remotos con acceso "Jira Administrators"... • https://github.com/PetrusViet/CVE-2021-39115 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •
CVSS: 9.8EPSS: 20%CPEs: 6EXPL: 0CVE-2020-36239 – Jira Ehcache RMI Missing Authentication
https://notcve.org/view.php?id=CVE-2020-36239
27 Jul 2021 — Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to... • https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html • CWE-306: Missing Authentication for Critical Function CWE-862: Missing Authorization •
CVSS: 9.8EPSS: 10%CPEs: 180EXPL: 1CVE-2019-13990 – libquartz: XXE attacks via job description
https://notcve.org/view.php?id=CVE-2019-13990
26 Jul 2019 — initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. La función initDocumentParser en el archivo xml/XMLSchedulingDataProcessor.java en Quartz Scheduler de Terracotta hasta la versión 2.3.0, permite ataques de tipo XXE por medio de una descripción del trabajo. The Terracotta Quartz Scheduler is susceptible to an XML external entity attack (XXE) through a job description. This issue stems from inadequate handling of X... • https://github.com/epicosy/Quartz-1 • CWE-611: Improper Restriction of XML External Entity Reference •