Every CVE whose affected-product data names Atlassian Crowd, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2022-26136 — CVSS 9.8 (critical): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third…
CVE-2022-43782 — CVSS 9.8 (critical): Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and…
CVE-2016-6496 — CVSS 9.8 (critical): The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via…
CVE-2012-2926 — CVSS 9.1 (critical): Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6…
CVE-2022-26137 — CVSS 8.8 (high): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked…
CVE-2023-22521 — CVSS 8.8 (high): This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. This RCE…
CVE-2018-20238 — CVSS 8.1 (high): Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to…
CVE-2017-18105 — CVSS 8.1 (high): The console login resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers, who…
CVE-2026-21569 — CVSS 7.9 (high): This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This…
CVE-2019-20104 — CVSS 7.5 (high): The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to…
CVE-2017-18106 — CVSS 7.5 (high): The identifier_hash for a session token in Atlassian Crowd before version 2.9.1 could potentially collide with an identifier_hash for…
CVE-2019-20902 — CVSS 7.5 (high): Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and…
CVE-2013-3926 — CVSS 7.5 (high): Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a "symmetric backdoor."…
CVE-2017-18108 — CVSS 7.2 (high): The administration SMTP configuration resource in Atlassian Crowd before version 2.10.2 allows remote attackers with administration rights…
CVE-2017-16858 — CVSS 6.8 (medium): The 'crowd-application' plugin module (notably used by the Google Apps plugin) in Atlassian Crowd from version 1.5.0 before version 3.1.2…
CVE-2017-18107 — CVSS 6.5 (medium): Various resources in the Crowd Demo application of Atlassian Crowd before version 3.1.1 allow remote attackers to modify add, modify and…
CVE-2017-18110 — CVSS 6.5 (medium): The administration backup restore resource in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows…
CVE-2017-18109 — CVSS 6.1 (medium): The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers…
CVE-2013-3925 — CVSS 5.8 (medium): Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP…
CVE-2018-20239 — CVSS 5.4 (medium): Application Links before version 5.0.11, from version 5.1.0 before 5.2.10, from version 5.3.0 before 5.3.6, from version 5.4.0 before…
CVE-2020-36240 — CVSS 5.3 (medium): The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote…
CVE-2016-10740 — CVSS 4.9 (medium): Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of…
CVE-2019-15005 — CVSS 4.3 (medium): The Atlassian Troubleshooting and Support Tools plugin prior to version 1.17.2 allows an unprivileged user to initiate periodic log scans…