Vulnerabilities > Atlassian > Jira Service Management > 4.22.0

DATE CVE VULNERABILITY TITLE RISK
2022-08-03 CVE-2022-36800 Unspecified vulnerability in Atlassian Jira Service Management
Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint.
network
low complexity
atlassian
4.3
2022-07-26 CVE-2021-43959 Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira Service Desk and Jira Service Management
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability in the CSV importing feature of JSM Insight.
network
low complexity
atlassian CWE-918
5.7
2022-07-20 CVE-2022-26136 Improper Authentication vulnerability in Atlassian products
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps.
network
low complexity
atlassian CWE-287
critical
9.8
2022-07-20 CVE-2022-26137 Origin Validation Error vulnerability in Atlassian products
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses.
network
low complexity
atlassian CWE-346
8.8
2022-06-30 CVE-2022-26135 Server-Side Request Forgery (SSRF) vulnerability in Atlassian products
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint.
network
low complexity
atlassian CWE-918
6.5
2019-07-26 CVE-2019-13990 XXE vulnerability in multiple products
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
network
low complexity
softwareag oracle apache netapp atlassian CWE-611
critical
9.8