Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-27830 (GCVE-0-2026-27830)
Vulnerability from cvelistv5 – Published: 2026-02-26 00:45 – Updated: 2026-06-30 12:08
VLAI
EPSS
Title
c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property
Summary
c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually represents a `Map<String,Map<String,String>>`. Prior to v0.12.0, that property was maintained as a hex-encoded serialized object. Any attacker able to reset this property, on an existing `ConnectionPoolDataSource` or via maliciously crafted serialized objects or `javax.naming.Reference` instances could be tailored execute unexpected code on the application's `CLASSPATH`. The danger of this vulnerability was strongly magnified by vulnerabilities in c3p0's main dependency, mchange-commons-java. This library includes code that mirrors early implementations of JNDI functionality, including ungated support for remote `factoryClassLocation` values. Attackers could set c3p0's `userOverridesAsString` hex-encoded serialized objects that include objects "indirectly serialized" via JNDI references. Deserialization of those objects and dereferencing of the embedded `javax.naming.Reference` objects could provoke download and execution of malicious code from a remote `factoryClassLocation`. Although hazard presented by c3p0's vulnerabilites are exarcerbated by vulnerabilities in mchange-commons-java, use of Java-serialized-object hex as the format for a writable Java-Bean property, of objects that may be exposed across JNDI interfaces, represents a serious independent fragility. The `userOverridesAsString` property of c3p0 `ConnectionPoolDataSource` classes has been reimplemented to use a safe CSV-based format, rather than rely upon potentially dangerous Java object deserialization. c3p0-0.12.0+ and above depend upon mchange-commons-java 0.4.0+, which gates support for remote `factoryClassLocation` values by configuration parameters that default to restrictive values. c3p0 additionally enforces the new mchange-commons-java `com.mchange.v2.naming.nameGuardClassName` to prevent injection of unexpected, potentially remote JNDI names. There is no supported workaround for versions of c3p0 prior to 0.12.0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
14 references
Impacted products
18 products
| Vendor | Product | Version | |
|---|---|---|---|
| swaldman | c3p0 |
Affected:
< 0.12.0
|
|
| Red Hat | Red Hat JBoss EAP 8.1 for RHEL 8 |
cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8 |
|
| Red Hat | Red Hat JBoss EAP 8.1 for RHEL 9 |
cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9 |
|
| Red Hat | Red Hat Satellite 6.18 for RHEL 9 |
cpe:/a:redhat:satellite:6.18::el9 cpe:/a:redhat:satellite_capsule:6.18::el9 cpe:/a:redhat:satellite_maintenance:6.18::el9 cpe:/a:redhat:satellite_utils:6.18::el9 |
|
| Red Hat | Red Hat Build of Debezium 3.2 |
cpe:/a:redhat:debezium:3 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 |
cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9 |
|
| Red Hat | Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11 |
cpe:/a:redhat:apache_camel_spring_boot:4.14 |
|
| Red Hat | Red Hat build of Debezium 2 |
cpe:/a:redhat:debezium:2 |
|
| Red Hat | Red Hat build of Debezium 3 |
cpe:/a:redhat:debezium:3 |
|
| Red Hat | Red Hat Fuse 7 |
cpe:/a:redhat:jboss_fuse:7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 |
cpe:/a:redhat:jboss_enterprise_application_platform:7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 |
cpe:/a:redhat:jboss_enterprise_application_platform:8 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
|
| Red Hat | streams for Apache Kafka 2 |
cpe:/a:redhat:amq_streams:2 |
|
| Red Hat | Red Hat build of Apache Camel - HawtIO 4 |
cpe:/a:redhat:apache_camel_hawtio:4 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack |
cpe:/a:redhat:jbosseapxp |
|
| Red Hat | Red Hat Process Automation 7 |
cpe:/a:redhat:jboss_enterprise_bpms_platform:7 |
|
| Red Hat | streams for Apache Kafka 3 |
cpe:/a:redhat:amq_streams:3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27830",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-02T03:55:34.556407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-04T19:40:49.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss EAP 8.1 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss EAP 8.1 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.18::el9",
"cpe:/a:redhat:satellite_capsule:6.18::el9",
"cpe:/a:redhat:satellite_maintenance:6.18::el9",
"cpe:/a:redhat:satellite_utils:6.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.18 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:debezium:3"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Debezium 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss Enterprise Application Platform 8.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_spring_boot:4.14"
],
"defaultStatus": "affected",
"product": "Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:debezium:2"
],
"defaultStatus": "affected",
"product": "Red Hat build of Debezium 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:debezium:3"
],
"defaultStatus": "affected",
"product": "Red Hat build of Debezium 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "affected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "affected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:2"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4"
],
"defaultStatus": "unaffected",
"product": "Red Hat build of Apache Camel - HawtIO 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Process Automation 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-02-26T00:45:18.222Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in c3p0, a Java Database Connectivity (JDBC) Connection pooling library. This vulnerability allows an attacker to achieve arbitrary code execution by providing maliciously crafted Java-serialized objects or `javax.naming.Reference` instances. By manipulating the `userOverridesAsString` property, an attacker can cause the application to download and execute malicious code from a remote location on its CLASSPATH."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:08:05.254Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-27830"
},
{
"name": "RHBZ#2442908",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442908"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27830.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18054"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18055"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28385"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:4285"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18059"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:3890"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:18054: Red Hat JBoss EAP 8.1 for RHEL 8"
},
{
"lang": "en",
"value": "RHSA-2026:18055: Red Hat JBoss EAP 8.1 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:28385: Red Hat Satellite 6.18 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:4285: Red Hat Build of Debezium 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:18059: Red Hat JBoss Enterprise Application Platform 8.1"
},
{
"lang": "en",
"value": "RHSA-2026:3890: Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-26T01:01:56.834Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-02-26T00:45:18.222Z",
"value": "Made public."
}
],
"title": "c3p0: c3p0: Arbitrary Code Execution via deserialization of crafted objects",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "c3p0",
"vendor": "swaldman",
"versions": [
{
"status": "affected",
"version": "\u003c 0.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually represents a `Map\u003cString,Map\u003cString,String\u003e\u003e`. Prior to v0.12.0, that property was maintained as a hex-encoded serialized object. Any attacker able to reset this property, on an existing `ConnectionPoolDataSource` or via maliciously crafted serialized objects or `javax.naming.Reference` instances could be tailored execute unexpected code on the application\u0027s `CLASSPATH`. The danger of this vulnerability was strongly magnified by vulnerabilities in c3p0\u0027s main dependency, mchange-commons-java. This library includes code that mirrors early implementations of JNDI functionality, including ungated support for remote `factoryClassLocation` values. Attackers could set c3p0\u0027s `userOverridesAsString` hex-encoded serialized objects that include objects \"indirectly serialized\" via JNDI references. Deserialization of those objects and dereferencing of the embedded `javax.naming.Reference` objects could provoke download and execution of malicious code from a remote `factoryClassLocation`. Although hazard presented by c3p0\u0027s vulnerabilites are exarcerbated by vulnerabilities in mchange-commons-java, use of Java-serialized-object hex as the format for a writable Java-Bean property, of objects that may be exposed across JNDI interfaces, represents a serious independent fragility. The `userOverridesAsString` property of c3p0 `ConnectionPoolDataSource` classes has been reimplemented to use a safe CSV-based format, rather than rely upon potentially dangerous Java object deserialization. c3p0-0.12.0+ and above depend upon mchange-commons-java 0.4.0+, which gates support for remote `factoryClassLocation` values by configuration parameters that default to restrictive values. c3p0 additionally enforces the new mchange-commons-java `com.mchange.v2.naming.nameGuardClassName` to prevent injection of unexpected, potentially remote JNDI names. There is no supported workaround for versions of c3p0 prior to 0.12.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T00:45:18.222Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/swaldman/c3p0/security/advisories/GHSA-5476-xc4j-rqcv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/swaldman/c3p0/security/advisories/GHSA-5476-xc4j-rqcv"
},
{
"name": "https://github.com/swaldman/c3p0/commit/e14cbd8166e423e2e9a9d6f08b2add3433492d6e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/swaldman/c3p0/commit/e14cbd8166e423e2e9a9d6f08b2add3433492d6e"
},
{
"name": "https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal",
"tags": [
"x_refsource_MISC"
],
"url": "https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal"
},
{
"name": "https://www.mchange.com/projects/c3p0/#configuring_security",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mchange.com/projects/c3p0/#configuring_security"
},
{
"name": "https://www.mchange.com/projects/c3p0/#security-note",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mchange.com/projects/c3p0/#security-note"
}
],
"source": {
"advisory": "GHSA-5476-xc4j-rqcv",
"discovery": "UNKNOWN"
},
"title": "c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27830",
"datePublished": "2026-02-26T00:45:18.222Z",
"dateReserved": "2026-02-24T02:32:39.800Z",
"dateUpdated": "2026-06-30T12:08:05.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-27830",
"date": "2026-07-06",
"epss": "0.00534",
"percentile": "0.41193"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-27830\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-26T01:16:24.583\",\"lastModified\":\"2026-06-30T03:17:57.933\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually represents a `Map\u003cString,Map\u003cString,String\u003e\u003e`. Prior to v0.12.0, that property was maintained as a hex-encoded serialized object. Any attacker able to reset this property, on an existing `ConnectionPoolDataSource` or via maliciously crafted serialized objects or `javax.naming.Reference` instances could be tailored execute unexpected code on the application\u0027s `CLASSPATH`. The danger of this vulnerability was strongly magnified by vulnerabilities in c3p0\u0027s main dependency, mchange-commons-java. This library includes code that mirrors early implementations of JNDI functionality, including ungated support for remote `factoryClassLocation` values. Attackers could set c3p0\u0027s `userOverridesAsString` hex-encoded serialized objects that include objects \\\"indirectly serialized\\\" via JNDI references. Deserialization of those objects and dereferencing of the embedded `javax.naming.Reference` objects could provoke download and execution of malicious code from a remote `factoryClassLocation`. Although hazard presented by c3p0\u0027s vulnerabilites are exarcerbated by vulnerabilities in mchange-commons-java, use of Java-serialized-object hex as the format for a writable Java-Bean property, of objects that may be exposed across JNDI interfaces, represents a serious independent fragility. The `userOverridesAsString` property of c3p0 `ConnectionPoolDataSource` classes has been reimplemented to use a safe CSV-based format, rather than rely upon potentially dangerous Java object deserialization. c3p0-0.12.0+ and above depend upon mchange-commons-java 0.4.0+, which gates support for remote `factoryClassLocation` values by configuration parameters that default to restrictive values. c3p0 additionally enforces the new mchange-commons-java `com.mchange.v2.naming.nameGuardClassName` to prevent injection of unexpected, potentially remote JNDI names. There is no supported workaround for versions of c3p0 prior to 0.12.0.\"},{\"lang\":\"es\",\"value\":\"c3p0, una biblioteca de pooling de conexiones JDBC, es vulnerable al ataque a trav\u00e9s de objetos serializados en Java creados maliciosamente e instancias de `javax.naming.Reference`. Varias implementaciones de `ConnectionPoolDataSource` de c3p0 tienen una propiedad llamada `userOverridesAsString` que representa conceptualmente un `Map\u0026gt;`. Antes de la v0.12.0, esa propiedad se manten\u00eda como un objeto serializado codificado en hexadecimal. Cualquier atacante capaz de restablecer esta propiedad, en un `ConnectionPoolDataSource` existente o a trav\u00e9s de objetos serializados creados maliciosamente o instancias de `javax.naming.Reference`, podr\u00eda ser manipulado para ejecutar c\u00f3digo inesperado en el `CLASSPATH` de la aplicaci\u00f3n. El peligro de esta vulnerabilidad fue fuertemente magnificado por vulnerabilidades en la dependencia principal de c3p0, mchange-commons-java. Esta biblioteca incluye c\u00f3digo que refleja implementaciones tempranas de la funcionalidad JNDI, incluyendo soporte sin restricciones para valores remotos de `factoryClassLocation`. Los atacantes podr\u00edan establecer objetos serializados codificados en hexadecimal de `userOverridesAsString` de c3p0 que incluyen objetos \u0027serializados indirectamente\u0027 a trav\u00e9s de referencias JNDI. La deserializaci\u00f3n de esos objetos y la desreferenciaci\u00f3n de los objetos `javax.naming.Reference` incrustados podr\u00edan provocar la descarga y ejecuci\u00f3n de c\u00f3digo malicioso desde un `factoryClassLocation` remoto. Aunque el peligro presentado por las vulnerabilidades de c3p0 se ve exacerbado por las vulnerabilidades en mchange-commons-java, el uso de hexadecimal de objetos serializados en Java como formato para una propiedad Java-Bean escribible, de objetos que pueden ser expuestos a trav\u00e9s de interfaces JNDI, representa una grave fragilidad independiente. La propiedad `userOverridesAsString` de las clases `ConnectionPoolDataSource` de c3p0 ha sido reimplementada para usar un formato seguro basado en CSV, en lugar de depender de la deserializaci\u00f3n de objetos Java potencialmente peligrosa. c3p0-0.12.0+ y versiones superiores dependen de mchange-commons-java 0.4.0+, que restringe el soporte para valores remotos de `factoryClassLocation` mediante par\u00e1metros de configuraci\u00f3n que por defecto son valores restrictivos. c3p0 adicionalmente impone el nuevo `com.mchange.v2.naming.nameGuardClassName` de mchange-commons-java para prevenir la inyecci\u00f3n de nombres JNDI inesperados, potencialmente remotos. No hay soluci\u00f3n alternativa soportada para versiones de c3p0 anteriores a la 0.12.0.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"swaldman\",\"product\":\"c3p0\",\"versions\":[{\"version\":\"\u003c 0.12.0\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss EAP 8.1 for RHEL 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss EAP 8.1 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.18 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.18::el9\",\"cpe:/a:redhat:satellite_capsule:6.18::el9\",\"cpe:/a:redhat:satellite_maintenance:6.18::el9\",\"cpe:/a:redhat:satellite_utils:6.18::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Build of Debezium 3.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:debezium:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform 8.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:apache_camel_spring_boot:4.14\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Debezium 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:debezium:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Debezium 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:debezium:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Fuse 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_fuse:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_application_platform:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_application_platform:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"streams for Apache Kafka 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat build of Apache Camel - HawtIO 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:apache_camel_hawtio:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform Expansion Pack\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:jbosseapxp\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Process Automation 7\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_bpms_platform:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"streams for Apache Kafka 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:3\"]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.9,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"HIGH\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-02T03:55:34.556407Z\",\"id\":\"CVE-2026-27830\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"},{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"references\":[{\"url\":\"https://github.com/swaldman/c3p0/commit/e14cbd8166e423e2e9a9d6f08b2add3433492d6e\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/swaldman/c3p0/security/advisories/GHSA-5476-xc4j-rqcv\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.mchange.com/projects/c3p0/#configuring_security\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.mchange.com/projects/c3p0/#security-note\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:18054\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:18055\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:18059\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28385\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:3890\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:4285\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-27830\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2442908\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-27830.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-27830\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-02T03:55:34.556407Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-27T16:25:47.891Z\"}}], \"cna\": {\"title\": \"c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property\", \"source\": {\"advisory\": \"GHSA-5476-xc4j-rqcv\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.9, \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"HIGH\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"swaldman\", \"product\": \"c3p0\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.12.0\"}]}], \"references\": [{\"url\": \"https://github.com/swaldman/c3p0/security/advisories/GHSA-5476-xc4j-rqcv\", \"name\": \"https://github.com/swaldman/c3p0/security/advisories/GHSA-5476-xc4j-rqcv\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/swaldman/c3p0/commit/e14cbd8166e423e2e9a9d6f08b2add3433492d6e\", \"name\": \"https://github.com/swaldman/c3p0/commit/e14cbd8166e423e2e9a9d6f08b2add3433492d6e\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal\", \"name\": \"https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.mchange.com/projects/c3p0/#configuring_security\", \"name\": \"https://www.mchange.com/projects/c3p0/#configuring_security\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.mchange.com/projects/c3p0/#security-note\", \"name\": \"https://www.mchange.com/projects/c3p0/#security-note\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually represents a `Map\u003cString,Map\u003cString,String\u003e\u003e`. Prior to v0.12.0, that property was maintained as a hex-encoded serialized object. Any attacker able to reset this property, on an existing `ConnectionPoolDataSource` or via maliciously crafted serialized objects or `javax.naming.Reference` instances could be tailored execute unexpected code on the application\u0027s `CLASSPATH`. The danger of this vulnerability was strongly magnified by vulnerabilities in c3p0\u0027s main dependency, mchange-commons-java. This library includes code that mirrors early implementations of JNDI functionality, including ungated support for remote `factoryClassLocation` values. Attackers could set c3p0\u0027s `userOverridesAsString` hex-encoded serialized objects that include objects \\\"indirectly serialized\\\" via JNDI references. Deserialization of those objects and dereferencing of the embedded `javax.naming.Reference` objects could provoke download and execution of malicious code from a remote `factoryClassLocation`. Although hazard presented by c3p0\u0027s vulnerabilites are exarcerbated by vulnerabilities in mchange-commons-java, use of Java-serialized-object hex as the format for a writable Java-Bean property, of objects that may be exposed across JNDI interfaces, represents a serious independent fragility. The `userOverridesAsString` property of c3p0 `ConnectionPoolDataSource` classes has been reimplemented to use a safe CSV-based format, rather than rely upon potentially dangerous Java object deserialization. c3p0-0.12.0+ and above depend upon mchange-commons-java 0.4.0+, which gates support for remote `factoryClassLocation` values by configuration parameters that default to restrictive values. c3p0 additionally enforces the new mchange-commons-java `com.mchange.v2.naming.nameGuardClassName` to prevent injection of unexpected, potentially remote JNDI names. There is no supported workaround for versions of c3p0 prior to 0.12.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-502\", \"description\": \"CWE-502: Deserialization of Untrusted Data\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-26T00:45:18.222Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-27830\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-04T19:40:49.642Z\", \"dateReserved\": \"2026-02-24T02:32:39.800Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-26T00:45:18.222Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2026-1608
Vulnerability from csaf_certbund - Published: 2026-05-19 22:00 - Updated: 2026-05-20 22:00Summary
Atlassian Produkte (Bamboo, Bitbucket, Confluence, Crucible, Fisheye und Jira): Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.
Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.
Confluence ist eine kommerzielle Wiki-Software.
Crucible ist eine Code-Review-Lösung für Unternehmensteams.
Fisheye ist ein Quellcode-Repository-Browser für Unternehmensteams.
Jira ist eine Webanwendung zur Softwareentwicklung.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence, Atlassian Crucible, Atlassian Fisheye und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuführen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, um einen Cross-Site Scripting Angriff durchzuführen, und um Sicherheitsvorkehrungen zu umgehen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Bamboo Data Center LTS <12.1.7
Atlassian / Bamboo
|
Data Center LTS <12.1.7 | ||
|
Atlassian Jira Data Center LTS <10.3.20
Atlassian / Jira
|
Data Center LTS <10.3.20 | ||
|
Atlassian Jira Data Center LTS <11.3.5
Atlassian / Jira
|
Data Center LTS <11.3.5 | ||
|
Atlassian Fisheye <4.9.10
Atlassian / Fisheye
|
<4.9.10 | ||
|
Atlassian Crucible <4.9.10
Atlassian / Crucible
|
<4.9.10 | ||
|
Atlassian Confluence Data Center LTS <9.2.20
Atlassian / Confluence
|
Data Center LTS <9.2.20 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Confluence Data Center LTS <10.2.11
Atlassian / Confluence
|
Data Center LTS <10.2.11 | ||
|
Atlassian Bitbucket Data Center LTS <9.4.19
Atlassian / Bitbucket
|
Data Center LTS <9.4.19 | ||
|
Atlassian Bitbucket Data Center LTS <10.2.2
Atlassian / Bitbucket
|
Data Center LTS <10.2.2 | ||
|
Atlassian Bamboo Data Center LTS <9.6.26
Atlassian / Bamboo
|
Data Center LTS <9.6.26 | ||
|
Atlassian Bamboo Data Center LTS <10.2.19
Atlassian / Bamboo
|
Data Center LTS <10.2.19 | ||
|
Atlassian Jira LTS <9.12.35
Atlassian / Jira
|
LTS <9.12.35 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nCrucible ist eine Code-Review-L\u00f6sung f\u00fcr Unternehmensteams.\r\nFisheye ist ein Quellcode-Repository-Browser f\u00fcr Unternehmensteams. \r\nJira ist eine Webanwendung zur Softwareentwicklung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence, Atlassian Crucible, Atlassian Fisheye und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, und um Sicherheitsvorkehrungen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1608 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1608.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1608 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1608"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin Mai vom 2026-05-19",
"url": "https://confluence.atlassian.com/security/security-bulletin-may-19-2026-1786839142.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19098 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19098"
}
],
"source_lang": "en-US",
"title": "Atlassian Produkte (Bamboo, Bitbucket, Confluence, Crucible, Fisheye und Jira): Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-20T22:00:00.000+00:00",
"generator": {
"date": "2026-05-21T07:35:45.292+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1608",
"initial_release_date": "2026-05-19T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-19T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-20T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center LTS \u003c12.1.7",
"product": {
"name": "Atlassian Bamboo Data Center LTS \u003c12.1.7",
"product_id": "T054387"
}
},
{
"category": "product_version",
"name": "Data Center LTS 12.1.7",
"product": {
"name": "Atlassian Bamboo Data Center LTS 12.1.7",
"product_id": "T054387-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:data_center_lts__12.1.7"
}
}
},
{
"category": "product_version_range",
"name": "Data Center LTS \u003c10.2.19",
"product": {
"name": "Atlassian Bamboo Data Center LTS \u003c10.2.19",
"product_id": "T054388"
}
},
{
"category": "product_version",
"name": "Data Center LTS 10.2.19",
"product": {
"name": "Atlassian Bamboo Data Center LTS 10.2.19",
"product_id": "T054388-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:data_center_lts__10.2.19"
}
}
},
{
"category": "product_version_range",
"name": "Data Center LTS \u003c9.6.26",
"product": {
"name": "Atlassian Bamboo Data Center LTS \u003c9.6.26",
"product_id": "T054389"
}
},
{
"category": "product_version",
"name": "Data Center LTS 9.6.26",
"product": {
"name": "Atlassian Bamboo Data Center LTS 9.6.26",
"product_id": "T054389-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:data_center_lts__9.6.26"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center LTS \u003c10.2.2",
"product": {
"name": "Atlassian Bitbucket Data Center LTS \u003c10.2.2",
"product_id": "T054391"
}
},
{
"category": "product_version",
"name": "Data Center LTS 10.2.2",
"product": {
"name": "Atlassian Bitbucket Data Center LTS 10.2.2",
"product_id": "T054391-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:data_center_lts__10.2.2"
}
}
},
{
"category": "product_version_range",
"name": "Data Center LTS \u003c9.4.19",
"product": {
"name": "Atlassian Bitbucket Data Center LTS \u003c9.4.19",
"product_id": "T054392"
}
},
{
"category": "product_version",
"name": "Data Center LTS 9.4.19",
"product": {
"name": "Atlassian Bitbucket Data Center LTS 9.4.19",
"product_id": "T054392-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:data_center_lts__9.4.19"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center LTS \u003c10.2.11",
"product": {
"name": "Atlassian Confluence Data Center LTS \u003c10.2.11",
"product_id": "T054393"
}
},
{
"category": "product_version",
"name": "Data Center LTS 10.2.11",
"product": {
"name": "Atlassian Confluence Data Center LTS 10.2.11",
"product_id": "T054393-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center_lts__10.2.11"
}
}
},
{
"category": "product_version_range",
"name": "Data Center LTS \u003c9.2.20",
"product": {
"name": "Atlassian Confluence Data Center LTS \u003c9.2.20",
"product_id": "T054394"
}
},
{
"category": "product_version",
"name": "Data Center LTS 9.2.20",
"product": {
"name": "Atlassian Confluence Data Center LTS 9.2.20",
"product_id": "T054394-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center_lts__9.2.20"
}
}
}
],
"category": "product_name",
"name": "Confluence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.9.10",
"product": {
"name": "Atlassian Crucible \u003c4.9.10",
"product_id": "T054395"
}
},
{
"category": "product_version",
"name": "4.9.10",
"product": {
"name": "Atlassian Crucible 4.9.10",
"product_id": "T054395-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:crucible:4.9.10"
}
}
}
],
"category": "product_name",
"name": "Crucible"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.9.10",
"product": {
"name": "Atlassian Fisheye \u003c4.9.10",
"product_id": "T054396"
}
},
{
"category": "product_version",
"name": "4.9.10",
"product": {
"name": "Atlassian Fisheye 4.9.10",
"product_id": "T054396-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:fisheye:4.9.10"
}
}
}
],
"category": "product_name",
"name": "Fisheye"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center LTS \u003c11.3.5",
"product": {
"name": "Atlassian Jira Data Center LTS \u003c11.3.5",
"product_id": "T054397"
}
},
{
"category": "product_version",
"name": "Data Center LTS 11.3.5",
"product": {
"name": "Atlassian Jira Data Center LTS 11.3.5",
"product_id": "T054397-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center_lts__11.3.5"
}
}
},
{
"category": "product_version_range",
"name": "Data Center LTS \u003c10.3.20",
"product": {
"name": "Atlassian Jira Data Center LTS \u003c10.3.20",
"product_id": "T054398"
}
},
{
"category": "product_version",
"name": "Data Center LTS 10.3.20",
"product": {
"name": "Atlassian Jira Data Center LTS 10.3.20",
"product_id": "T054398-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center_lts__10.3.20"
}
}
},
{
"category": "product_version_range",
"name": "LTS \u003c9.12.35",
"product": {
"name": "Atlassian Jira LTS \u003c9.12.35",
"product_id": "T054399"
}
},
{
"category": "product_version",
"name": "LTS 9.12.35",
"product": {
"name": "Atlassian Jira LTS 9.12.35",
"product_id": "T054399-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:lts__9.12.35"
}
}
}
],
"category": "product_name",
"name": "Jira"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13990",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2019-13990"
},
{
"cve": "CVE-2022-1471",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2022-1471"
},
{
"cve": "CVE-2022-23521",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2022-23521"
},
{
"cve": "CVE-2022-41903",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2022-41903"
},
{
"cve": "CVE-2023-22518",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2023-22518"
},
{
"cve": "CVE-2023-22522",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2023-22522"
},
{
"cve": "CVE-2023-22523",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2023-22523"
},
{
"cve": "CVE-2023-22524",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2023-22524"
},
{
"cve": "CVE-2023-22527",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2023-22527"
},
{
"cve": "CVE-2023-24998",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-46604",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2023-46604"
},
{
"cve": "CVE-2024-45801",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2024-45801"
},
{
"cve": "CVE-2025-52999",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2025-52999"
},
{
"cve": "CVE-2025-67030",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2025-67030"
},
{
"cve": "CVE-2026-22029",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-22029"
},
{
"cve": "CVE-2026-22732",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-22732"
},
{
"cve": "CVE-2026-24734",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-24734"
},
{
"cve": "CVE-2026-24880",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-24880"
},
{
"cve": "CVE-2026-25639",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-25639"
},
{
"cve": "CVE-2026-26960",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-26960"
},
{
"cve": "CVE-2026-27727",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-27727"
},
{
"cve": "CVE-2026-27830",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-27830"
},
{
"cve": "CVE-2026-29062",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-29062"
},
{
"cve": "CVE-2026-29129",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-29129"
},
{
"cve": "CVE-2026-29145",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-29145"
},
{
"cve": "CVE-2026-29146",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-29146"
},
{
"cve": "CVE-2026-29786",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-29786"
},
{
"cve": "CVE-2026-31802",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-31802"
},
{
"cve": "CVE-2026-33750",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-33750"
},
{
"cve": "CVE-2026-34483",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-34483"
},
{
"cve": "CVE-2026-34487",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-34487"
},
{
"cve": "CVE-2026-39304",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-39304"
},
{
"cve": "CVE-2026-42198",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-42198"
},
{
"cve": "CVE-2026-5598",
"product_status": {
"known_affected": [
"T054387",
"T054398",
"T054397",
"T054396",
"T054395",
"T054394",
"67646",
"T054393",
"T054392",
"T054391",
"T054389",
"T054388",
"T054399"
]
},
"release_date": "2026-05-19T22:00:00.000+00:00",
"title": "CVE-2026-5598"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…