Vulnerabilities > Atlassian > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-14 | CVE-2021-39123 | Unspecified vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the /rest/gadget/1.0/createdVsResolved/generate endpoint. | 7.5 |
| 2021-09-01 | CVE-2021-39115 | Code Injection vulnerability in Atlassian Jira Service Desk Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. | 7.2 |
| 2021-09-01 | CVE-2021-39109 | Path Traversal vulnerability in Atlassian Atlasboard The renderWidgetResource resource in Atlasian Atlasboard before version 1.1.9 allows remote attackers to read arbitrary files via a path traversal vulnerability. | 7.5 |
| 2021-08-30 | CVE-2021-39113 | Insufficient Session Expiration vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to continue to view cached content even after losing permissions, via a Broken Access Control vulnerability in the allowlist feature. | 7.5 |
| 2021-08-02 | CVE-2017-18113 | Code Injection vulnerability in Atlassian Data Center and Jira The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability. | 8.8 |
| 2021-05-10 | CVE-2021-26077 | Improper Authentication vulnerability in Atlassian Connect Spring Boot Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. | 8.8 |
| 2021-04-16 | CVE-2021-26073 | Improper Authentication vulnerability in Atlassian Connect Express Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. | 7.7 |
| 2021-03-22 | CVE-2021-26070 | Improper Authentication vulnerability in Atlassian Data Center and Jira Affected versions of Atlassian Jira Server and Data Center allow remote attackers to evade behind-the-firewall protection of app-linked resources via a Broken Authentication vulnerability in the `makeRequest` gadget resource. | 7.2 |
| 2021-02-22 | CVE-2021-26068 | Injection vulnerability in Atlassian Jira Server for Slack An endpoint in Atlassian Jira Server for Slack plugin from version 0.0.3 before version 2.0.15 allows remote attackers to execute arbitrary code via a template injection vulnerability. | 8.8 |
| 2021-02-19 | CVE-2020-12873 | Injection vulnerability in Atlassian Alfresco Enterprise Content Management An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. | 8.8 |