CVE-2017-5983

{"id": "CVE-2017-5983", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-04-10T15:59:00.457", "references": [{"url": "http://codewhitesec.blogspot.com/2017/04/amf.html", "tags": ["Technical Description"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/97379", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://confluence.atlassian.com/jira063/jira-security-advisory-2017-03-09-875604401.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://jira.atlassian.com/browse/JRASERVER-64077", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.kb.cert.org/vuls/id/307983", "tags": ["Third Party Advisory", "US Government Resource", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object."}, {"lang": "es", "value": "El complemento de JIRA Workflow Designer en Atlassian JIRA Server en versiones anteriores a 6.3.0 utiliza incorrectamente un analizador y deserializador XML, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario, leer archivos arbitrarios o provocar una denegaci\u00f3n de servicio a trav\u00e9s de un objeto Java serializado."}], "lastModified": "2017-04-15T01:01:33.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira:4.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E72FD8F4-B47B-4D45-81BC-281C7C88BF64"}, {"criteria": "cpe:2.3:a:atlassian:jira:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6392A0B-252B-4BE9-8381-882364CAF93D"}, {"criteria": "cpe:2.3:a:atlassian:jira:4.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5022C4F9-48A7-4995-994A-455F545CDB8F"}, {"criteria": "cpe:2.3:a:atlassian:jira:4.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A8EC6B1-A57B-4277-B904-CFFC2B1B8630"}, {"criteria": "cpe:2.3:a:atlassian:jira:4.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1F805A3-631D-4667-BF72-62A3DDDCDB2D"}, {"criteria": "cpe:2.3:a:atlassian:jira:4.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EDB91B1-7D20-4BCC-A512-6F75EF70BE94"}, {"criteria": "cpe:2.3:a:atlassian:jira:4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B02481E-5E51-423E-A5E7-630EB3DA5F99"}, {"criteria": "cpe:2.3:a:atlassian:jira:4.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3ED291F-4F1F-48BA-832C-A70B639BBDCD"}, {"criteria": "cpe:2.3:a:atlassian:jira:4.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C402D0FF-E479-480A-BB01-7932CF2BF2E0"}, {"criteria": "cpe:2.3:a:atlassian:jira:4.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "395E3ED3-3DA5-40A6-B932-36F9BF13FD76"}, {"criteria": "cpe:2.3:a:atlassian:jira:4.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41F1DD46-4FBD-40BC-B276-51C2B239BC4B"}, {"criteria": "cpe:2.3:a:atlassian:jira:4.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82FC7263-D0E3-490A-9DF6-ED89051354A4"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CB09662-5926-4AE5-BF22-B082ED223A46"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B83D3C97-BA63-44FB-8449-220AA6B31CC8"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7ED8C91-7225-439E-BEC6-BC8E23D86041"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F181716D-3B1E-493C-A92D-D02E90922EE2"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B86AA59-2C88-4113-85B1-0F8404155ED3"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25DAF540-7BB4-4325-9438-74F9F738519B"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D9E7034-3F9E-4CE3-81D0-6EB2E62F0437"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3046E68-3839-4B96-83B1-4F14AFFD8DF5"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65CB7DB0-F3CA-4037-A5FF-5D7F6678B314"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17A58D60-1085-4E64-8706-8EC8686D4904"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00339DCD-824D-46FA-9EFD-E4835BC7F52C"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED7C6417-0212-489D-9324-2C653E32566A"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C61E4B1-69D4-4278-B404-39293751033F"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8790F9F-C124-410A-BEE5-241341C5CA57"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C60F705C-ECF9-4F48-BE4C-CCB9E88E018B"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F008971D-88E6-4D60-8755-294FD157FBF2"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A224603-11AA-491D-9A06-8D573FEDDC83"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5117735-A248-44DD-B2B5-0A1D5CFB4977"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA863005-6CD1-4FEC-8A1A-6E62FC76952D"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "417098AA-30D0-4915-ACF8-135F59EB1493"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "693A0FEF-0803-419C-A718-DE80B984BA9D"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C401B65-113B-4046-8D36-7F139D05A4B7"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5AFE657-35A1-4F22-839C-4E2D89C78DA1"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7605C1DD-D26E-4ACF-8915-A2717079198C"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9720C8C4-36A4-4C8B-BB4B-1D1765C76728"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B79812D-7367-4D71-8B74-77785FAC9874"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A45A0EB-99CB-4EE9-BFBB-664D0AE91981"}, {"criteria": "cpe:2.3:a:atlassian:jira:5.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D006394-43B4-4250-87F5-38A2511BC0AE"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B83446EB-1A2B-4803-9D2A-DBF37A99C96C"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5989726-B934-4FF1-AB54-7DC77AC2C6EF"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D910A750-B5AB-48F1-9A33-0895901E0522"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCBB6BD7-5A95-4A8C-9965-F07A29C85AEF"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B482A552-EF34-4089-8A64-797D8C9BBE43"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F8F311F-B327-4541-BA23-C8CF578861B6"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E729C6C-799F-4574-B560-51DB7F58C3AC"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8717780D-1A19-4EE4-A526-6216EA360596"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FC850FE-63C9-4E6D-8B14-C8A2224E3FF0"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E129240D-BCC6-4EEF-820A-CF8EF835FE01"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAD25985-0587-4DD8-A6BD-DE610CB01175"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E2A1992-5247-4978-856A-4BAF064651F2"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8003B5E4-597A-4914-96D5-14C8DEAE9ED8"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BAE2AA2-A436-4F86-B775-DD358FA82FCB"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C182FE8-BA50-4782-8D04-825F57DDC5E9"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "243F34D7-287A-419C-B709-74869E55402C"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE4DE2F6-B3E1-45CA-A1F7-08691FD13FE4"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AED81FE-B027-4114-9A76-7F6B8A06A6BC"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "807D2B66-FE4F-4C83-A8C9-76F874C746BB"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E21E5768-4A73-431D-9720-55C120BA0C6D"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4715D04C-DC1D-42EA-AEB4-29E935DF34D1"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "352372E1-FA78-4D5F-B6B3-CA7F547BD7BC"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "254BC1E2-0E41-46EB-9E13-9BEF69B1D786"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E6E7BAD-1781-44FF-A347-64498630A26F"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B61076B-547D-4878-BDA0-C028820DA37C"}, {"criteria": "cpe:2.3:a:atlassian:jira:6.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8617A24-1894-48C7-8B05-0403183179E6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}