How severe is CVE-2017-18113?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2017-18113?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2017-18113 - HIGH Severity | CVSS 8.8

Vulnerability Description

The DefaultOSWorkflowConfigurator class in Jira Server and Jira Data Center before version 8.18.1 allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrary code via a Remote Code Execution (RCE) vulnerability. The vulnerability allowed for various problematic OSWorkflow classes to be used as part of workflows. The fix for this issue blocks usage of unsafe conditions, validators, functions and registers that are build-in into OSWorkflow library and other Jira dependencies. Atlassian-made functions or functions provided by 3rd party plugins are not affected by this fix.

Related Vulnerabilities

CVE-2009-1547

HIGH

CVSS:8.8(High)

Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, a...

CWE-942009

CVE-2011-1265

HIGH

CVSS:8.8(High)

The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, ...

CWE-942011

CVE-2011-1830

HIGH

CVSS:8.8(High)

Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so.

CWE-942011

CVE-2012-0158

HIGH

CVSS:8.8(High)

The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2...

CWE-942012

CVE-2012-0175

HIGH

CVSS:8.8(High)

The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitr...

CWE-942012

CVE-2014-4000

HIGH

CVSS:8.8(High)

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes...

CWE-942014