CVE-2013-3926

Published: 01/07/2013 Updated: 17/05/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Atlassian Crowd 2.6.3 allows remote malicious users to execute arbitrary commands via unspecified vectors related to a "symmetric backdoor." NOTE: as of 20130704, the vendor could not reproduce the issue, stating "We've been unable to substantiate the existence of [CVE-2013-3926]. The author of the article has not contacted Atlassian and has provided no detail, making it difficult to validate the claim... If we can confirm that there is a vulnerability, a patch will be issued."

Vulnerable Product

atlassian crowd 2.6.3

Recent Articles

Atlassian plugs XML parsing vulnerability
The Register • Richard Chirgwin • 01 Jul 2013

Denies reports of a second vuln

Cloud provider Atlassian has moved to patch what a security researcher describes as a backdoor in its enterprise single sign-on Crowd service. However, the company is disputing Command Five's assertion that a second, as-yet-unpatched vulnerability remains. Command Five's advisory states that XML DTD (document type definition) parsing gave attackers a means to “retrieve files from the target network, make HTTP requests on the target network, or carry out a Denial of Service attack.” As the ad...