[FE-6714] Update Embedded Crowd library to version 2.8.8 that contains a fix for CWD-4790

Type: Bug
Resolution: Fixed
Priority: High
Fix Version/s: 4.2.0
Affects Version/s: None
Component/s: None
Labels:

Symptom Severity:
Severity 2 - Major
Bug Fix Policy:
View Atlassian Server bug fix policy

Update Embedded Crowd library to version 2.8.8 that contains a fix for ~~CWD-4790~~

relates to

CWD-4790 CVE-2016-6496: LDAP Java Object Injection in Crowd

Closed

Form Name

David Black added a comment - 30/Aug/2017 6:01 AM

CVSS v3 score: 8.1 => High severity

Exploitability Metrics

Attack Vector	Network
Attack Complexity	High
Privileges Required	None
User Interaction	None

Scope Metric

Scope	Unchanged

Impact Metrics

Confidentiality	High
Integrity	High
Availability	High

David Black added a comment - 30/Aug/2017 6:01 AM CVSS v3 score: 8.1 => High severity Exploitability Metrics Attack Vector Network Attack Complexity High Privileges Required None User Interaction None Scope Metric Scope Unchanged Impact Metrics Confidentiality High Integrity High Availability High

Assignee:: Kamil Cichy (Inactive)

Reporter:: alexmin (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 2 Start watching this issue

Created:: 15/Nov/2016 10:39 AM

Updated:: 30/Aug/2017 6:02 AM

Resolved:: 15/Nov/2016 10:39 AM

Details

Description

Attachments

Issue Links

Forms

Activity

Collapse comment: David Black added a comment - 30/Aug/2017 6:01 AM

Expand comment: David Black added a comment - 30/Aug/2017 6:01 AM

People

Dates