Description

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

Remediation

References

CVE-2021-43940

Related Vulnerabilities

concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7725)

WordPress Plugin Payment Form for PayPal Pro Multiple Cross-Site Scripting Vulnerabilities (1.0.1)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3541)

Oracle HTTP Server CVE-2018-2760 Vulnerability (CVE-2018-2760)

Oracle Database Server CVE-2011-2230 Vulnerability (CVE-2011-2230)

Severity

High

Classification

CVE-2021-43940 CWE-427 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities