CVE-2019-3396

Scores

EPSS

0.945High94.5%
0%20%40%60%80%100%

Percentile: 94.5%

CVSS

9.8Critical3.x
0246810

CVSS Score: 9.8/10

All CVSS Scores

CVSS 3.x
9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

nvd

CWEs

CWE-22

Related Vulnerabilities

Exploits

Exploit ID: 46731

Source: exploitdb

URL: https://www.exploit-db.com/exploits/46731

Exploit ID: 49465

Source: exploitdb

URL: https://www.exploit-db.com/exploits/49465

Exploit ID: CVE-2019-3396

Source: github-poc

URL: https://github.com/Avento/CVE-2019-3396-Memshell-for-Behinder

Vulnerable Software (2)

Type: Configuration

Vendor: atlassian

Product: confluence

Operating System: * * *

Trait:
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "6.6.12",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:a...

Source: nvd

Type: Configuration

Vendor: atlassian

Product: confluence_server

Operating System: * * *

Trait:
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "6.6.12",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:a...

Source: nvd