Vulnerabilities > Atlassian

DATE	CVE	VULNERABILITY TITLE	RISK
2017-01-31	CVE-2016-6285	Cross-site Scripting vulnerability in Atlassian Jira Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. network low complexity atlassian CWE-79	6.1
2017-01-23	CVE-2016-6668	Information Exposure vulnerability in Atlassian Confluence Server and Jira Integration for Hipchat The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages. network low complexity atlassian CWE-200	7.5
2017-01-18	CVE-2016-6283	Cross-site Scripting vulnerability in Atlassian Confluence Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action. network low complexity atlassian CWE-79	6.1
2016-12-09	CVE-2016-6496	Improper Input Validation vulnerability in Atlassian Crowd The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. network low complexity atlassian CWE-20 critical	9.8
2016-08-02	CVE-2016-5229	Improper Access Control vulnerability in Atlassian Bamboo Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization. network low complexity atlassian CWE-284 critical	9.8
2016-04-11	CVE-2015-8399	Information Exposure vulnerability in Atlassian Confluence Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. network low complexity atlassian CWE-200	4.3
2016-04-11	CVE-2015-8398	Cross-site Scripting vulnerability in Atlassian Confluence Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. network low complexity atlassian CWE-79	6.1
2016-02-08	CVE-2015-8361	Improper Access Control vulnerability in Atlassian Bamboo Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port. network low complexity atlassian CWE-284 critical	9.1
2016-02-08	CVE-2015-8360	Improper Input Validation vulnerability in Atlassian Bamboo An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. network low complexity atlassian CWE-20 critical	9.8
2016-02-08	CVE-2014-9757	Improper Input Validation vulnerability in Atlassian Bamboo The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message. network low complexity atlassian CWE-20 critical	9.8

Vulnerabilities > Atlassian {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Atlassian"}]}

Vulnerabilities > Atlassian