{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T03:25:21.820","vulnerabilities":[{"cve":{"id":"CVE-2021-39114","sourceIdentifier":"security@atlassian.com","published":"2022-04-05T04:15:08.707","lastModified":"2024-11-21T06:18:36.020","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5."},{"lang":"es","value":"Las versiones afectadas de Atlassian Confluence Server y Data Center permiten a los usuarios con una cuenta válida en una instancia de Confluence Data Center ejecutar código Java arbitrario o ejecutar comandos del sistema arbitrarios mediante la inyección de una carga útil OGNL. Las versiones afectadas son las versiones anteriores a 6.13.23, desde la versión 6.14.0 hasta la 7.4.11, desde la versión 7.5.0 hasta la 7.11.6 y desde la versión 7.12.0 hasta la 7.12.5"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*","versionEndExcluding":"6.13.23","matchCriteriaId":"6A28735F-4827-4410-8B0B-C209ECD21DFC"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14.0","versionEndExcluding":"7.4.11","matchCriteriaId":"FA5224DF-97AB-4D8E-B66D-FC65A1333531"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*","versionStartIncluding":"7.5.0","versionEndExcluding":"7.11.6","matchCriteriaId":"E776BF66-74F1-4D8E-9099-42A4E5EEE300"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*","versionStartIncluding":"7.12.0","versionEndExcluding":"7.12.5","matchCriteriaId":"E11303D6-258F-4FAC-A868-BF506E7F5A4E"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*","versionEndExcluding":"6.13.23","matchCriteriaId":"6D1FF67F-3FB4-4C0C-8263-3D4CA00A02CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*","versionStartIncluding":"6.14.0","versionEndExcluding":"7.4.11","matchCriteriaId":"F5CCD4D0-6BC7-442A-9D4D-43841FE40F3E"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.5.0","versionEndExcluding":"7.11.6","matchCriteriaId":"DF59072C-9911-4035-A75A-27D882988919"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*","versionStartIncluding":"7.12.0","versionEndExcluding":"7.12.5","matchCriteriaId":"BFEE2534-EBEF-438B-B616-ED4FFBC9246E"}]}]}],"references":[{"url":"https://jira.atlassian.com/browse/CONFSERVER-68844","source":"security@atlassian.com","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://jira.atlassian.com/browse/CONFSERVER-68844","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]}]}}]}