Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2019-20419

Published

3 years ago

Last Modified

1 year ago

CVSSv2.0 Severity

Medium

CVSSv3.1 Severity

High

Impact Analysis

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2..

CVSSv2.0 Score

Severity: Medium
Base Score: 4.4/10
Exploit Score: 3.4/10
Access Vector: Local
Access Complexity: Medium
Authentication Required: None
Impact Score: 6.4/10
Confidentiality Impact: Partial
Availability Impact: Partial
Integrity Impact: Partial

CVSSv3.1 Score

Severity: High
Base Score: 7.8/10
Exploit Score: 1.8/10
Access Vector: Local
Access Complexity: Low
Privileges Required: None
Impact Score: 5.9/10
Confidentiality Impact: High
Availability Impact: High
Integrity Impact: High
Scope: Unchanged
User Interaction: Required

Products Affected

CPE	Affected	Vulnerable	Excluding
cpe:2.3:a:atlassian:jira_server::::::::	Yes	8.6.0	8.7.2
cpe:2.3:a:atlassian:jira_data_center::::::::	Yes	8.6.0	8.7.2
cpe:2.3:a:atlassian:jira_server::::::::	Yes	-	8.5.5
cpe:2.3:a:atlassian:jira_data_center::::::::	Yes	-	8.5.5

References

https://jira.atlassian.com/browse/JRASERVER-70945