CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-3925

Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and 2.4.9 allows remote attackers to read arbitrary files and send HTTP requests to intranet servers via a request to (1) /services/2 or (2) services/latest with a DTD containing an XML external entity declaration in conjunction with an entity reference.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.4%

CVSS Severity

CVSS v2 Score 5.8

References

Products affected by CVE-2013-3925

Atlassian » Crowd » Version: 2.3.8

cpe:2.3:a:atlassian:crowd:2.3.8
Atlassian » Crowd » Version: 2.4.9

cpe:2.3:a:atlassian:crowd:2.4.9
Atlassian » Crowd » Version: 2.5.0

cpe:2.3:a:atlassian:crowd:2.5.0
Atlassian » Crowd » Version: 2.5.1

cpe:2.3:a:atlassian:crowd:2.5.1
Atlassian » Crowd » Version: 2.5.2

cpe:2.3:a:atlassian:crowd:2.5.2
Atlassian » Crowd » Version: 2.5.3

cpe:2.3:a:atlassian:crowd:2.5.3
Atlassian » Crowd » Version: 2.6.0

cpe:2.3:a:atlassian:crowd:2.6.0
Atlassian » Crowd » Version: 2.6.1

cpe:2.3:a:atlassian:crowd:2.6.1
Atlassian » Crowd » Version: 2.6.2

cpe:2.3:a:atlassian:crowd:2.6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-3925

Products

Pricing

Contact Us