vulnerability

Atlassian Confluence: Uncontrolled Search Path Element (CVE-2021-43940)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:N/C:C/I:C/A:C)	Feb 15, 2022	Mar 1, 2022	Sep 18, 2024

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

Feb 15, 2022

Added

Mar 1, 2022

Modified

Sep 18, 2024

Description

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

Solution

References

CVE-2021-43940
https://attackerkb.com/topics/CVE-2021-43940

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today