Security News > 2019 > July > Researcher releases PoC code for critical Atlassian Crowd RCE flaw
2019-07-16 09:41
A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution providing single sign-on and user identity. Atlassian plugged the hole in late May, but administrators that failed to implement it should consider doing so now, as full-fledged exploits are likely to pop up soon. About the vulnerability (CVE-2019-11580) Atlassian Crowd allows enterprise admins to manage users from Active Directory, LDAP, OpenLDAP or Microsoft Azure … More → The post Researcher releases PoC code for critical Atlassian Crowd RCE flaw appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/-mfZjZ4lZOs/
Related news
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- CISA: Network switch RCE flaw impacts critical infrastructure (source)
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-03 | CVE-2019-11580 | Unspecified vulnerability in Atlassian Crowd Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. | 9.8 |