CRITICAL✓ PATCH🇬🇧 English

CVE-2017-5983

CVSS 9.8v3.0pub. 2017-04-10upd. 2026-05-13

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Atlassian Jira

    APP
    Atlassian
    4.2.44.34.3.14.3.24.3.34.3.44.44.4.14.4.24.4.34.4.44.4.55.05.0.15.0.2+ 51 więcej
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
RCEDoSDeserialization
CWE
Referencje

Powiązane podatności

CVE-2020-14172CRITICAL9.8ten sam produkt

This issue exists to document that a security improvement in the way that Jira Server and Data Center use velo...

CVE-2019-20409CRITICAL9.8ten sam produkt

The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 ...

CVE-2012-2926CRITICAL9.1ten sam produkt

Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Cr...

CVE-2021-43947HIGH7.2ten sam produkt

Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privilege...

CVE-2021-41312HIGH7.5ten sam produkt

Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access re...

CVE-2017-5983 — CRITICAL 9.8 | CVEbaza.pl