Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Remote code execution vulns hit Atlassian kit

Remote code execution vulns hit Atlassian kit

2015/01/22

The Register - (International) Atlassian has released updates to patch a serious vulnerability, an Object-Graph Navigation Language (OGNL) double evaluation vulnerability found in all versions of its Confluence, Bamboo, FishEye, and Crucible products that could allow an attacker to execute Java code of their choice on systems that use the affected frameworks as long as they can access their Web interfaces.

Source: http://www.theregister.co.uk/2015/01/22/atlassian_vulns/

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:23:14