Lucene search
Security-metrics-botFE-7344HistoryFeb 03, 2021 - 10:39 p.m.
Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities
2021-02-0322:39:15
security-metrics-bot
jira.atlassian.com
35
0.794 High
EPSS
Percentile
98.3%
Update Atlassian Platform from 3.5.17 to 3.5.19. The new platform version brings changes in the following libraries:
- update com.atlassian.applinks:* from 5.4.21 to 5.4.23
- update com.atlassian.plugins:* from 4.4.10 to 4.4.14
- update com.atlassian.sal:* from 3.1.2 to 3.1.3
- update com.atlassian.streams:* from 6.3.4 to 6.3.5
Vulnerabilities fixed in Atlassian Platform 3.5.19:
- [CVE-2019-17571|https://vulners.com/cve/CVE-2019-17571] (removed unnecessary log4j dependency)
- [CVE-2020-5398|https://vulners.com/cve/CVE-2020-5398] (updated spring-web)
- [CVE-2020-13956|https://vulners.com/cve/CVE-2020-13956] (updated httpclient)
- [CVE-2018-1000613|https://vulners.com/cve/CVE-2018-1000613] (removed bouncycastle dependency)
Related
atlassian
atlassian
Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities
2021-02-03 22:39:15
Apache Log4j - Arbitrary Code Execution in confserver/confluence (master)
2020-03-02 03:58:39
Spring Framework Vulnerability - CVE-2020-5398
2020-02-17 06:00:21
nessus
nessus
Fedora 28 : bouncycastle (2018-e6894349c9)
2019-01-03 00:00:00
openSUSE Security Update : bouncycastle (openSUSE-2018-794)
2018-08-06 00:00:00
Oracle Linux 8 : maven:3.6 (ELSA-2022-1860)
2022-05-18 00:00:00
github
github
Deserialization of Untrusted Data in Bouncy castle
2018-10-17 16:23:12
Vulnerable dependency in XTDB connector
2021-12-16 18:53:32
Deserialization of Untrusted Data in Log4j
2020-01-06 18:43:49
zdt
zdt
OpenConext-EngineBlock 5.7.3 Cross Site Scripting Vulnerability
2018-07-13 00:00:00
cve
cve
CVE-2018-10006
2022-06-30 10:33:12
CVE-2018-1000613
2018-07-09 20:29:00
CVE-2020-13956
2020-12-02 17:15:00
cvelist
cvelist
CVE-2018-1000613
2018-07-09 20:00:00
CVE-2020-13956
2020-12-02 16:20:12
CVE-2019-17571
2019-12-20 16:01:21
prion
prion
Deserialization of untrusted data
2018-07-09 20:29:00
Deserialization of untrusted data
2019-12-20 17:15:00
Cross site request forgery (csrf)
2020-12-02 17:15:00
openvas
openvas
openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2018:2180-1)
2018-08-04 00:00:00
Debian: Security Advisory (DLA-2405-1)
2020-10-11 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0054-1)
2021-04-19 00:00:00
ubuntucve
ubuntucve
CVE-2018-1000613
2018-07-09 00:00:00
CVE-2020-13956
2020-12-02 00:00:00
CVE-2019-17571
2019-12-20 00:00:00
osv
osv
Deserialization of Untrusted Data in Bouncy castle
2018-10-17 16:23:12
CVE-2019-17571
2019-12-20 17:15:11
Moderate: maven:3.5 security update
2022-05-10 08:04:48
veracode
veracode
Remote Code Execution Via Deserialization
2018-07-16 04:44:10
Arbitrary Code Execution
2019-12-23 04:57:47
Validation Bypass
2020-10-12 04:02:04
redhatcve
redhatcve
CVE-2018-1000613
2018-07-13 21:19:06
CVE-2020-13956
2020-10-08 20:22:11
CVE-2020-5398
2020-02-06 17:44:24
debiancve
debiancve
CVE-2018-1000613
2018-07-09 20:29:00
CVE-2019-17571
2019-12-20 17:15:11
CVE-2020-13956
2020-12-02 17:15:00
f5
f5
K61529042 : Log4j vulnerability CVE-2019-17571
2020-04-08 00:00:00
ibm
ibm
oraclelinux
oraclelinux
maven:3.5 security update
2022-05-17 00:00:00
maven:3.6 security and enhancement update
2022-05-17 00:00:00
almalinux
almalinux
Moderate: maven:3.5 security update
2022-05-10 08:04:48
Moderate: maven:3.6 security and enhancement update
2022-05-10 08:04:46
rocky
rocky
maven:3.5 security update
2022-05-10 08:04:48
maven:3.6 security and enhancement update
2022-05-10 08:04:46
cgr
cgr
CVE-2020-13956 vulnerabilities
2024-05-19 03:07:16
redhat
redhat
(RHSA-2022:1861) Moderate: maven:3.5 security update
2022-05-10 08:04:48
(RHSA-2022:0722) Moderate: rh-maven36-httpcomponents-client security update
2022-03-01 14:04:58
amazon
amazon
Medium: httpcomponents-client
2023-02-17 00:11:00
Important: log4j
2022-01-18 20:15:00
debian
debian
[SECURITY] [DSA 4772-1] httpcomponents-client security update
2020-10-14 20:21:34
[SECURITY] [DSA 4686-1] apache-log4j1.2 security update
2020-05-15 22:17:02
cloudlinux
cloudlinux
Fixed CVE-2019-17571 in log4j
2022-06-21 20:23:31
mageia
mageia
Updated httpcomponents-client packages fix a security vulnerability
2021-07-07 02:12:30
wolfi
wolfi
CVE-2020-13956 vulnerabilities
2024-06-02 15:23:11
checkpoint_advisories
checkpoint_advisories
Apache Log4j Remote Code Execution (CVE-2019-17571)
2020-03-01 00:00:00
Vmware Spring Framework Remote Code Execution (CVE-2020-5398)
2022-10-03 00:00:00
ubuntu
ubuntu
Apache Log4j vulnerability
2020-09-15 00:00:00
Apache Log4j vulnerabilities
2023-04-05 00:00:00
symantec
symantec
freebsd
freebsd
Several Security Defects in the Bouncy Castle Crypto APIs
2018-06-30 00:00:00
Apache Maven -- multiple vulnerabilities
2021-04-04 00:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Log4J
2019-12-25 16:46:11
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-13 19:14:23
centos
centos
log4j security update
2017-08-31 18:57:53
rosalinux
rosalinux
Advisory ROSA-SA-2021-1909
2021-07-02 17:26:24
fedora
fedora
[SECURITY] Fedora 28 Update: bouncycastle-1.60-1.fc28
2018-08-30 04:58:39
attackerkb
attackerkb
CVE-2019-17571
2019-12-20 00:00:00