SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Vulnerabilities Patched in Atlassian, Cisco Products

Atlassian and Cisco have released patches for multiple high-severity vulnerabilities, including remote code execution bugs.

Atlassian and Cisco this week announced patches for multiple high-severity vulnerabilities in their products, including flaws leading to remote code execution.

Atlassian released seven updates that address four high-severity flaws impacting third-party dependencies in Bamboo, Confluence, and Jira, including some that were publicly disclosed nearly six years ago.

A denial-of-service (DoS) issue in Netplex Json-smart that could be exploited without authentication was resolved with fixes for Bamboo Data Center and Server, Jira Data Center and Server, and Jira Service Management Data Center and Server. The security defect is tracked as CVE-2024-57699.

The security updates for Jira and Jira Service Management also resolve an XXE (XML External Entity Injection) bug leading to a DoS condition, tracked as CVE-2021-33813.

Confluence Data Center and Server received patches for two vulnerabilities, including a DoS flaw in the Netty application framework (tracked as CVE-2025-24970), and an XXE bug in the libjackson-json-java library (CVE-2019-10172).

Atlassian makes no mention of any of these vulnerabilities being exploited in the wild against its products.

On Wednesday, Cisco rolled out patches for three security defects in Webex App, Secure Network Analytics, and Nexus Dashboard.

Webex App received fixes for a high-severity flaw, tracked as CVE-2025-20236, that allows attackers to execute arbitrary code remotely by convincing a user to click on a crafted meeting invite link and download arbitrary files.

Advertisement. Scroll to continue reading.

Updates released for Secure Network Analytics versions 7.5.0, 7.5.1, and 7.5.2 resolve a medium-severity issue that could allow authenticated attackers to obtain shell access with root privileges. 

In Nexus Dashboard, the tech giant resolved a medium-severity bug that could allow unauthenticated, remote attackers to determine usernames that are valid LDAP user accounts.

Cisco says it is not aware of any of these vulnerabilities being exploited in the wild. Additional information can be found on the company’s security advisories page.

Related: Oracle Patches 180 Vulnerabilities With April 2025 CPU

Related: SonicWall Patches High-Severity Vulnerability in NetExtender

Related: Juniper Networks Patches Dozens of Junos Vulnerabilities

Related: Fortinet Patches Critical FortiSwitch Vulnerability

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Virtual Event: Threat Detection and Incident Response Summit
May 21, 2025

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Webinar: Which Security Testing Approach is Right for You?
March 25, 2025

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.

Vats Srivatsan has been appointed interim CEO of WatchGuard after Prakash Panjwani stepped down.

Network security policy management firm FireMon has appointed Alex Bender as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.