Warning: Multiple high severity vulnerabilities in Atlassian Confluence, Jira and Bamboo Server and Data Center, DoS and XML External Entity Injection, Patch Immediately!

  • Published: 23/04/2025
  • Last update: 23/04/2025
  • Affected software:
    → Atlassian Bamboo Data Center and Server
    → Confluence Data Center and Server
    → Jira Data Center and Server
    → Jira Service Management Data Center and Server
  • Type: Denial of Service & XML External Entity Injection
  • CVE/CVSS
    → CVE-2021-33813: CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
    → CVE-2024-57699: CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
    → CVE-2025-24970: CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
    → CVE-2019-10172: CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Sources

https://confluence.atlassian.com/security/security-bulletin-april-15-2025-1540723536.html

Risks

On 15 April 2025, Atlassian published a security bulletin about several high severity vulnerabilities impacting multiple versions of Confluence, Jira and Bamboo Server and Data Center. These products are essential to day-to-day operations in many organisations, making them high-value targets for attackers who want to disrupt an organisation.

The exploitation of these vulnerabilities could severely impact the Availability and Integrity of the affected systems.

Note: We only highlight what we assess to be the most important vulnerabilities; please refer to the Atlassian security bulletin for a detailed overview of all the vulnerabilities.

Description

CVE-2024-57699 allows an unauthenticated attacker to cause a denial of service on exposed, susceptible assets in your environment by supplying a specially crafted JSON input.
CVE-2019-10172 allows an unauthenticated attacker to compromise exposed, susceptible assets in your environment.
CVE-2021-33813 allows an attacker to access local and remote content and cause a denial of service via a crafted HTTP request.
CVE-2025-24970 allows an unauthenticated attacker to cause a denial of service on exposed, susceptible assets in your environment by sending a specially crafted packet.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates on vulnerable systems with the highest priority, after thorough testing.

Monitor/Detect
The CCB recommends that organisations scale up their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

https://confluence.atlassian.com/security/security-bulletin-april-15-2025-1540723536.html
https://jira.atlassian.com/browse/BAM-26070
https://jira.atlassian.com/browse/CONFSERVER-99540
https://jira.atlassian.com/browse/JSWSERVER-26359
https://jira.atlassian.com/browse/JSDSERVER-16154
https://jira.atlassian.com/browse/JSDSERVER-16144
https://jira.atlassian.com/browse/JRASERVER-78717
https://jira.atlassian.com/browse/CONFSERVER-99547
https://nvd.nist.gov/vuln/detail/CVE-2024-57699
https://nvd.nist.gov/vuln/detail/CVE-2021-33813
https://nvd.nist.gov/vuln/detail/CVE-2025-24970