#VU59101 Code Injection in Jira Service Management Server - CVE-2021-39115

Published: December 28, 2021


Vulnerability identifier: #VU59101
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2021-39115
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software: Jira Service Management Server
Software vendor: Atlassian

Description

The vulnerability allows a remote privileged user to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the Email Template feature. A remote user with "Jira Administrators" access can execute arbitrary Java code or run arbitrary system commands by injecting code through the Email Template feature.


Remediation

Install updates from the vendor's website.

External links