Vulnerability Details : CVE-2012-2928
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors.
Vulnerability category: Denial of service
Products affected by CVE-2012-2928
- cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:confluence_server:4.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:*:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:gliffy:gliffy:2.1.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-2928
1.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-2928
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
10.0
|
4.9
|
NIST |
CWE ids for CVE-2012-2928
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2928
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/75697
Atlassian JIRA XML denial of service CVE-2012-2928 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2012-05-17
JIRA Security Advisory 2012-05-17 - Atlassian DocumentationMitigation;Vendor Advisory
-
http://confluence.atlassian.com/display/DOC/Confluence+Security+Advisory+2012-05-17
Confluence Security Advisory 2012-05-17 - Atlassian DocumentationMitigation;Vendor Advisory
Jump to