1. Home
  2. CVE Database
  3. CVE-2021-43940
HIGH · 7.8

CVE-2021-43940

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Conflue...

Vulnerability Description

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
AtlassianConfluence Data Center< 7.4.10
AtlassianConfluence Server< 7.4.10
MicrosoftWindows-

Related Weaknesses (CWE)

CWE-427

References

FAQ

What is CVE-2021-43940?

CVE-2021-43940 is a vulnerability with a CVSS score of 7.8 (HIGH). Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Conflue...

How severe is CVE-2021-43940?

CVE-2021-43940 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-43940?

Check the references section above for vendor advisories and patch information. Affected products include: Atlassian Confluence Data Center, Atlassian Confluence Server, Microsoft Windows.