Critical severity9.8NVD Advisory· Published Apr 10, 2017· Updated May 13, 2026
CVE-2017-5983
CVE-2017-5983
Description
The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object.
Affected products
66cpe:2.3:a:atlassian:jira:4.2.4:*:*:*:*:*:*:*+ 65 more
- cpe:2.3:a:atlassian:jira:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:4.4:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:4.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:4.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:4.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:4.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.2.11:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:5.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:atlassian:jira:6.2.7:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- www.securityfocus.com/bid/97379nvdThird Party AdvisoryVDB Entry
- confluence.atlassian.com/jira063/jira-security-advisory-2017-03-09-875604401.htmlnvdVendor Advisory
- jira.atlassian.com/browse/JRASERVER-64077nvdVendor Advisory
- www.kb.cert.org/vuls/id/307983nvdThird Party AdvisoryUS Government ResourceVDB Entry
- codewhitesec.blogspot.com/2017/04/amf.htmlnvdTechnical Description
News mentions
0No linked articles in our index yet.