CVSS: 10.0EPSS: 94%CPEs: 4EXPL: 26CVE-2019-3396 – Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-3396
25 Mar 2019 — The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection. La macro de Widget Connector en Atlassian... • https://packetstorm.news/files/id/161065 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 12%CPEs: 4EXPL: 0CVE-2019-3395 – Atlassian Confluence SSRF / Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-3395
25 Mar 2019 — The WebDAV endpoint in Atlassian Confluence Server and Data Center before version 6.6.7 (the fixed version for 6.6.x), from version 6.7.0 before 6.8.5 (the fixed version for 6.8.x), and from version 6.9.0 before 6.9.3 (the fixed version for 6.9.x) allows remote attackers to send arbitrary HTTP and WebDAV requests from a Confluence Server or Data Center instance via Server-Side Request Forgery. El endpoint WebDAV en Atlassian Confluence Server and Data Center en versiones anteriores a la 6.6.7 (la versión so... • https://jira.atlassian.com/browse/CONFSERVER-57971 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-20237
https://notcve.org/view.php?id=CVE-2018-20237
13 Feb 2019 — Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature. Atlassian Confluence Server and Data Center, en versiones anteriores a la 6.13.1, permite que un usuario autenticado descargue una página eliminada mediante la característica de exportación de palabras. • http://www.securityfocus.com/bid/107041 • CWE-668: Exposure of Resource to Wrong Sphere •