Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20238 | 1 Atlassian | 1 Crowd | 2019-02-26 | 5.5 MEDIUM | 8.1 HIGH |
| Various rest resources in Atlassian Crowd before version 3.2.7 and from version 3.3.0 before version 3.3.4 allow remote attackers to authenticate using an expired user session via an insufficient session expiration vulnerability. | |||||
| CVE-2016-10740 | 1 Atlassian | 1 Crowd | 2019-01-31 | 4.0 MEDIUM | 4.9 MEDIUM |
| Various resources in Atlassian Crowd before version 2.10.1 allow remote attackers with administration rights to learn the passwords of configured LDAP directories by examining the responses to requests for these resources. | |||||
| CVE-2016-6496 | 1 Atlassian | 1 Crowd | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x before 2.9.5 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. | |||||