// For flags

CVE-2021-43940

 

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

Las versiones afectadas de Atlassian Confluence Server y Data Center permiten a los atacantes locales autentificados conseguir privilegios elevados en el sistema local a través de una vulnerabilidad de DLL Hijacking en el instalador de Confluence. Esta vulnerabilidad sólo afecta a las instalaciones de Confluence Server y Data Center en Windows. Las versiones afectadas son anteriores a la versión 7.4.10, y desde la versión 7.5.0 hasta la versión7.12.3

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2021-11-16 CVE Reserved
  • 2022-02-15 CVE Published
  • 2024-10-08 CVE Updated
  • 2024-10-31 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-427: Uncontrolled Search Path Element
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
https://jira.atlassian.com/browse/CONFSERVER-66550 2022-07-27
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Atlassian
Search vendor "Atlassian"
 Confluence Data Center
Search vendor "Atlassian" for product "Confluence Data Center"
 < 7.4.10
Search vendor "Atlassian" for product "Confluence Data Center" and version " < 7.4.10"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Atlassian
Search vendor "Atlassian"
 Confluence Data Center
Search vendor "Atlassian" for product "Confluence Data Center"
 >= 7.5.0 < 7.12.3
Search vendor "Atlassian" for product "Confluence Data Center" and version " >= 7.5.0 < 7.12.3"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Atlassian
Search vendor "Atlassian"
 Confluence Server
Search vendor "Atlassian" for product "Confluence Server"
 < 7.4.10
Search vendor "Atlassian" for product "Confluence Server" and version " < 7.4.10"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Atlassian
Search vendor "Atlassian"
 Confluence Server
Search vendor "Atlassian" for product "Confluence Server"
 >= 7.5.0 < 7.12.3
Search vendor "Atlassian" for product "Confluence Server" and version " >= 7.5.0 < 7.12.3"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe