CVE-2021-39115

CVE Database · CVE-2021-39115

CVE-2021-39115

· HIGHModified

CVSS v3.1

7.2

EPSS

4.41%

Published

Sep 1, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. The affected versions are before version 4.13.9, and from version 4.14.0 before 4.18.0.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-96CWE-94

Affected Products (4)

atlassian · jira_service_desk (up to 4.13.9)vulnerable

atlassian · jira_service_management (up to 4.18.0)vulnerable

References (2)

https://jira.atlassian.com/browse/JSDSERVER-8665

Third Party Advisory

https://jira.atlassian.com/browse/JSDSERVER-8665

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs