ID:7211 - Exploit for Code Injection in Jira Service Management Server - CVE-2021-39115

 

Published: December 28, 2021


Vulnerability identifier: #VU59101
Vulnerability risk: Low
CVE-ID: CVE-2021-39115
CWE-ID: CWE-94
Exploitation vector: Remote access
Vulnerable software:
Jira Service Management Server

Link to public exploit:


Vulnerability description

The vulnerability allows a remote privileged user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the Email Template feature. A remote user with "Jira Administrators" access can execute arbitrary Java code or run arbitrary system commands by injecting the code via the Email Template feature.


Remediation

Install updates from the vendor's website.