Vulnerabilities > Atlassian > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-01 | CVE-2021-39115 | Code Injection vulnerability in Atlassian Jira Service Desk. Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server-Side Template Injection vulnerability in the Email Template feature. | 9.0 |
2021-08-30 | CVE-2021-26084 | Expression Language Injection vulnerability in Atlassian Confluence Data Center and Confluence Server. In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. | 9.8 |
2021-02-22 | CVE-2021-26068 | Injection vulnerability in Atlassian Jira Server for Slack. An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability. | 9.0 |
2021-02-19 | CVE-2020-12873 | Injection vulnerability in Atlassian Alfresco Enterprise Content Management. An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. | 9.0 |
2019-09-19 | CVE-2019-15001 | Code Injection vulnerability in Atlassian Jira Server. The Jira Importers Plugin in Atlassian Jira Server and Data Center from version 7.0.10 before 7.6.16, from 7.7.0 before 7.13.8, from 8.0.0 before 8.1.3, from 8.2.0 before 8.2.5, from 8.3.0 before 8.3.4 and from 8.4.0 before 8.4.1 allows remote attackers with Administrator permissions to gain remote code execution via a template injection vulnerability through the use of a crafted PUT request. | 9.0 |
2019-08-09 | CVE-2019-11581 | Injection vulnerability in Atlassian Jira and Jira Server. There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. | 9.3 |
2019-07-26 | CVE-2019-13990 | XXE vulnerability in multiple products. initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | 9.8 |
2019-06-14 | CVE-2019-11582 | Argument Injection or Modification vulnerability in Atlassian Sourcetree. An argument injection vulnerability in Atlassian Sourcetree for Windows's URI handlers, in all versions prior to 3.1.3, allows remote attackers to gain remote code execution through the use of a crafted URI. | 9.3 |
2019-06-03 | CVE-2019-3397 | Path Traversal vulnerability in Atlassian Bitbucket. Atlassian Bitbucket Data Center licensed instances starting with version 5.13.0 before 5.13.6 (the fixed version for 5.13.x), from 5.14.0 before 5.14.4 (fixed version for 5.14.x), from 5.15.0 before 5.15.3 (fixed version for 5.15.x), from 5.16.0 before 5.16.3 (fixed version for 5.16.x), from 6.0.0 before 6.0.3 (fixed version for 6.0.x), and from 6.1.0 before 6.1.2 (the fixed version for 6.1.x) allow remote attackers who have admin permissions to achieve remote code execution on a Bitbucket server instance via path traversal through the Data Center migration tool. | 9.0 |
2019-04-18 | CVE-2019-3398 | Path Traversal vulnerability in Atlassian Confluence. Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. | 9.0 |