CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-26133

SharedSecretClusterAuthenticator in Atlassian Bitbucket Data Center versions 5.14.0 and later before 7.6.14, 7.7.0 and later prior to 7.17.6, 7.18.0 and later prior to 7.18.4, 7.19.0 and later prior to 7.19.4, and 7.20.0 allow a remote, unauthenticated attacker to execute arbitrary code via Java deserialization.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.76

EPSS Ranking 98.9%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html
https://jira.atlassian.com/browse/BSERV-13173
https://confluence.atlassian.com/security/multiple-products-security-advisory-hazelcast-vulnerable-to-remote-code-execution-cve-2016-10750-1116292387.html
https://jira.atlassian.com/browse/BSERV-13173

Products affected by CVE-2022-26133

Atlassian » Bitbucket Data Center » Version: Any

cpe:2.3:a:atlassian:bitbucket_data_center:*
Atlassian » Bitbucket Data Center » Version: 7.20.0

cpe:2.3:a:atlassian:bitbucket_data_center:7.20.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-26133

Products

Pricing

Contact Us