{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T00:59:19.952","vulnerabilities":[{"cve":{"id":"CVE-2021-43947","sourceIdentifier":"security@atlassian.com","published":"2022-01-06T01:15:07.917","lastModified":"2024-11-21T06:30:03.763","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Affected versions of Atlassian Jira Server and Data Center allow remote attackers with administrator privileges to execute arbitrary code via a Remote Code Execution (RCE) vulnerability in the Email Templates feature. This issue bypasses the fix of https://jira.atlassian.com/browse/JSDSERVER-8665. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3."},{"lang":"es","value":"Las versiones afectadas de Atlassian Jira Server y Data Center permiten a atacantes remotos con privilegios de administrador ejecutar código arbitrario por medio de una vulnerabilidad de Ejecución de Código Remota (RCE) en la funcionalidad Email Templates. Este problema evita la corrección de https://jira.atlassian.com/browse/JSDSERVER-8665. Las versiones afectadas son anteriores a versión 8.13.15, y desde versión 8.14.0 hasta 8.20.3."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*","versionEndExcluding":"8.13.15","matchCriteriaId":"2CCE06B7-9446-49F4-8B23-4544506E5143"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*","versionEndExcluding":"8.13.15","matchCriteriaId":"EFC89A4F-566E-4CF3-962C-5F0985A2A9BF"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*","versionStartIncluding":"8.14.0","versionEndExcluding":"8.20.3","matchCriteriaId":"BDD3421F-7C67-4A9E-BAE2-1FD74F921BB9"},{"vulnerable":true,"criteria":"cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*","versionStartIncluding":"8.14.0","versionEndExcluding":"8.20.3","matchCriteriaId":"9025C857-EC16-431D-B3F9-4F10BE17C8A4"}]}]}],"references":[{"url":"https://jira.atlassian.com/browse/JRASERVER-73067","source":"security@atlassian.com","tags":["Issue Tracking","Vendor Advisory"]},{"url":"https://jira.atlassian.com/browse/JRASERVER-73067","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Vendor Advisory"]}]}}]}