CVE-2021-26084

critical

Description

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

From the Tenable Blog

CVE-2021-26084: Atlassian Confluence OGNL Injection Vulnerability Exploited in the Wild
CVE-2021-26084: Atlassian Confluence OGNL Injection Vulnerability Exploited in the Wild

Published: 2021-09-07

Recently disclosed critical flaw in Atlassian Confluence Server is being exploited in the wild by attackers. Organizations should apply patches immediately. Background On August 25, Atlassian published a security advisory for a critical vulnerability in its Confluence Server and Data Center software.

References

https://securelist.com/exploits-and-vulnerabilities-q3-2024/114839/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

https://www.wsj.com/politics/national-security/u-s-allies-issue-rare-warning-on-chinese-hacking-group-9eebb0ce

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a

https://www.greynoise.io/blog/spike-in-atlassian-exploitation-attempts-patching-is-crucial

https://www.imperva.com/blog/imperva-detects-undocumented-8220-gang-activities/?web_view=true

https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities

https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/

https://www.tenable.com/blog/cisa-top-20-cves-exploited-peoples-republic-of-china-state-sponsored-actors-aa22-279a

https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem

https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective

https://www.microsoft.com/en-us/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/

https://therecord.media/confluence-and-gitlab-servers-targeted-by-new-ransomware-strain

https://www.tenable.com/blog/examining-the-treat-landscape

https://web.archive.org/web/20211025233339/https://twitter.com/pancak3lullz/status/1452679527197560837

https://www.tenable.com/blog/cve-2021-26084-atlassian-confluence-ognl-injection-vulnerability-exploited-in-the-wild

https://jira.atlassian.com/browse/CONFSERVER-67940

http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html

Details

Source: Mitre, NVD

Published: 2021-08-30

Updated: 2023-08-08

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical