Atlassian is prompting its enterprise customers to patch a critical vulnerability in many versions of its Jira Data Center products. The vulnerability tracked as CVE-2020-36239 can give remote attackers arbitrary code execution abilities, due to a missing authentication flaw in Jira’s implementation of Ehcache, an open-source component. Jira products include: Jira Core Data Center Jira Software Data Center, and Jira Service Management Data Center. Atlassian recommends that customers upgrade to latest version of the products, and also restrict access to the Ehcache RMI ports.
Source: https://www.bleepingcomputer.com/news/security/atlassian-asks-customers-to-patch-critical-jira-vulnerability/