The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAtlassian Jira
APPAtlassian4.2.44.34.3.14.3.24.3.34.3.44.44.4.14.4.24.4.34.4.44.4.55.05.0.15.0.2+ 51 więcej
Powiązane podatności
This issue exists to document that a security improvement in the way that Jira Server and Data Center use velo...
The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 ...
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Cr...
Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privilege...
Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access re...