Security News > 2019 > July > Researcher releases PoC code for critical Atlassian Crowd RCE flaw
2019-07-16 09:41
A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution providing single sign-on and user identity. Atlassian plugged the hole in late May, but administrators that failed to implement it should consider doing so now, as full-fledged exploits are likely to pop up soon. About the vulnerability (CVE-2019-11580) Atlassian Crowd allows enterprise admins to manage users from Active Directory, LDAP, OpenLDAP or Microsoft Azure … More → The post Researcher releases PoC code for critical Atlassian Crowd RCE flaw appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/-mfZjZ4lZOs/
Related news
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA (source)
- OpenAI now pays researchers $100,000 for critical vulnerabilities (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-03 | CVE-2019-11580 | Unspecified vulnerability in Atlassian Crowd Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. | 9.8 |