Hello Support. 

I'm a security analyst and I work directly with vulnerabilities. According to your text, this vulnerability (CVE-2020-36239 ) only affects the products: Jira Data Center, Jira Core Data Center, Jira Software Data Center and Jira Service Management Data Center.

Our scanner identified the vulnerability CVE-2020-36239. But at this server, it's installed olny the Jira Server. 

I am analyzing if it is a possible false positive, but I would like to verify with you, if there is not the possibility that this vulnerability also affects other products? The affected products (Data Center and Service Management), to my knowledge of Atlassian, it's products that centralizes several other products in the same application, right? 

Thinking about this scenario, I imagine that there is sharing of resources, libraries and applications between products, for example, between the Jira Core Data Center and Jira Server. And if what I am reporting is correct, then there is a possibility that this vulnerability affects other products.

Our scanner identified other vulnerabilities: 

CVE-2021-39128, CVE-2017-18113, CVE-2021-39123, CVE-2021-39112, CVE-2021-39118, CVE-2021-39122, CVE-2021-39119, CVE-2021-39113, CVE-2021-26081, CVE-2021-26086, CVE-2020-36289, CVE-2020-36287, CVE-2020-36238, CVE-2020-36286, CVE-2020-36237, CVE-2021-39117, CVE-2021-26082, CVE-2021-26083, CVE-2021-26071, CVE-2021-39116, CVE-2021-39124, CVE-2021-39111, CVE-2021-26080, CVE-2021-26079, CVE-2021-26078, CVE-2020-36288, CVE-2021-39121, CVE-2021-26075 and CVE-2021-26076

And all of then (I checked one by one) it's related always to Jira Server and Jira Data Center.

Only this CVE-2020-36239 it's just for Jira Data Center and Service Management. 

Can you guys check please. Any doubts I am available. 

Thank you very much.