Vulnerabilities > Atlassian > Confluence Server > 5.9.1

DATE CVE VULNERABILITY TITLE RISK
2019-03-25 CVE-2019-3396 Path Traversal vulnerability in Atlassian Confluence Server
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.
network
low complexity
atlassian CWE-22
critical
 9.8
9.8
2019-02-13 CVE-2018-20237 Exposure of Resource to Wrong Sphere vulnerability in Atlassian Confluence Server
Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature.
network
low complexity
atlassian CWE-668
6.5
6.5
2017-01-23 CVE-2016-6668 Information Exposure vulnerability in Atlassian Confluence Server and Jira Integration for Hipchat
The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.
network
low complexity
atlassian CWE-200
7.5
7.5