Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Affected versions of Atlassian Confluence Server and Data Center allow users with a valid account on a     Confluence Data Center instance to execute arbitrary Java code or run arbitrary system commands by     injecting an OGNL payload. The affected versions are before version 6.13.23, from version 6.14.0 before     7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. (CVE-2021-39114)

Note that Nessus relies on the presence of the package as reported by the vendor.

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 6.13.23, 6.14.x prior to 7.4.11, 7.5.x prior to 7.11.6 or 7.12.x prior to 7.12.5. It is, therefore, affected by an OGNL injection vulnerability that would allow an attacker with a valid account on the instance to execute arbitrary Java code or run arbitrary system commands by injecting an OGNL payload.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
262699	Linux Distros Unpatched Vulnerability : CVE-2021-39114	Nessus	Misc.	high
113671	Atlassian Confluence 7.12.x < 7.12.5 RCE Via OGNL Injection	Web App Scanning	Component Vulnerability	high
113670	Atlassian Confluence 7.5.x < 7.11.6 RCE Via OGNL Injection	Web App Scanning	Component Vulnerability	high
113669	Atlassian Confluence 6.14.x < 7.4.11 RCE Via OGNL Injection	Web App Scanning	Component Vulnerability	high
113668	Atlassian Confluence < 6.13.23 RCE Via OGNL Injection	Web App Scanning	Component Vulnerability	high

Detections

Analytics

CVE-2021-39114

high

Tenable Plugins

high

high

high

high

high