Security News > 2019 > July > Researcher releases PoC code for critical Atlassian Crowd RCE flaw
2019-07-16 09:41
A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution providing single sign-on and user identity. Atlassian plugged the hole in late May, but administrators that failed to implement it should consider doing so now, as full-fledged exploits are likely to pop up soon. About the vulnerability (CVE-2019-11580) Atlassian Crowd allows enterprise admins to manage users from Active Directory, LDAP, OpenLDAP or Microsoft Azure … More → The post Researcher releases PoC code for critical Atlassian Crowd RCE flaw appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/-mfZjZ4lZOs/
Related news
- Fortinet warns of critical RCE bug in endpoint management software (source)
- PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) (source)
- Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) (source)
- Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
- Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-03 | CVE-2019-11580 | Unspecified vulnerability in Atlassian Crowd Atlassian Crowd and Crowd Data Center had the pdkinstall development plugin incorrectly enabled in release builds. | 7.5 |