Code Injection vulnerability in Atlassian Confluence Server - CVE-2021-39114 (linux)
ID: oval:org.secpod.oval:def:84915 | Date: (C)2022-10-19 (M)2022-11-03 |
Class: VULNERABILITY | Family: unix |
The host is installed with Atlassian Confluence Server before 6.13.23, from 6.14.0 before 7.4.11, from 7.5.0 before 7.11.6, or from 7.12.0 before 7.12.5, and is prone to a code injection vulnerability. The application fails to properly handle an OGNL payload. Successful exploitation allows users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands.
Product: Atlassian Confluence Server |