Detections
Analytics
CVE-2021-26084
critical
Description
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
From the Tenable Blog
CVE-2021-26084: Atlassian Confluence OGNL Injection Vulnerability Exploited in the Wild
Published: 2021-09-07
Recently disclosed critical flaw in Atlassian Confluence Server is being exploited in the wild by attackers. Organizations should apply patches immediately. Background On August 25, Atlassian published a security advisory for a critical vulnerability in its Confluence Server and Data Center software.
References
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a
https://www.greynoise.io/blog/spike-in-atlassian-exploitation-attempts-patching-is-crucial
https://www.imperva.com/blog/imperva-detects-undocumented-8220-gang-activities/?web_view=true
https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities
https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem
https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective
https://therecord.media/confluence-and-gitlab-servers-targeted-by-new-ransomware-strain
https://www.tenable.com/blog/examining-the-treat-landscape
https://jira.atlassian.com/browse/CONFSERVER-67940
http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html