Atlassian Jira Service Management — known CVE vulnerabilities
Every CVE whose affected-product data names Atlassian Jira Service Management, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2022-0540 — CVSS 9.8 (critical): A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP…
CVE-2020-36239 — CVSS 9.8 (critical): Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0…
CVE-2019-13990 — CVSS 9.8 (critical): initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job…
CVE-2022-26136 — CVSS 9.8 (critical): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third…
CVE-2023-22501 — CVSS 9.1 (critical): An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate…
CVE-2024-21683 — CVSS 8.8 (high): This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE…
CVE-2022-26137 — CVSS 8.8 (high): A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked…
CVE-2021-39115 — CVSS 7.2 (high): Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to…
CVE-2022-26135 — CVSS 6.5 (medium): A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the…
CVE-2021-43959 — CVSS 5.7 (medium): Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to access the content of…
CVE-2021-43943 — CVSS 4.8 (medium): Affected versions of Atlassian Jira Service Management Server and Data Center allow attackers with administrator privileges to inject…
CVE-2021-43951 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import…
CVE-2021-43950 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view import source…
CVE-2021-43949 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects…
CVE-2021-43948 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of…
CVE-2022-36800 — CVSS 4.3 (medium): Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the "Browse Users" permission…