CVE-2021-43940

Affected versions of Atlassian Confluence Server and Data Center allow authenticated local attackers to achieve elevated privileges on the local system via a DLL Hijacking vulnerability in the Confluence installer. This vulnerability only affects installations of Confluence Server and Data Center on Windows. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.

Published: Feb 15, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-43940
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.9
AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-427

Affected Software
References

Software	From	Fixed in
atlassian / confluence_data_center	-	7.4.10
atlassian / confluence_data_center	7.5.0	7.12.3
atlassian / confluence_server	-	7.4.10
atlassian / confluence_server	7.5.0	7.12.3

https://jira.atlassian.com/browse/CONFSERVER-66550

Vulnerability Database

289,784

CVE-2021-43940