← back
CVE-2021-39114

CVE-2021-39114

CVSS 8.8 HIGHEPSS 1.7%CWE-94
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 1.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
05 Apr 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Atlassian · Confluence Data CenterAtlassian · Confluence Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://jira.atlassian.com/browse/CONFSERVER-68844