1. Home
  2. CVE Database
  3. CVE-2021-39114
HIGH · 8.8

CVE-2021-39114

Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands b...

Vulnerability Description

Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
AtlassianConfluence Data Center< 6.13.23
AtlassianConfluence Server< 6.13.23

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2021-39114?

CVE-2021-39114 is a vulnerability with a CVSS score of 8.8 (HIGH). Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands b...

How severe is CVE-2021-39114?

CVE-2021-39114 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-39114?

Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Confluence Data Center, Atlassian Confluence Server.