CVE-2021-26084

Description

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.

References

https://www.wsj.com/politics/national-security/u-s-allies-issue-rare-warning-on-chinese-hacking-group-9eebb0ce

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-190a

https://www.imperva.com/blog/new-sysrv-botnet-variant-makes-use-of-google-subdomain-to-spread-xmrig-miner/?web_view=true

https://www.greynoise.io/blog/spike-in-atlassian-exploitation-attempts-patching-is-crucial

https://www.imperva.com/blog/imperva-detects-undocumented-8220-gang-activities/?web_view=true

https://www.tenable.com/blog/aa23-215a-2022s-top-routinely-exploited-vulnerabilities

https://www.tenable.com/blog/cisa-top-20-cves-exploited-peoples-republic-of-china-state-sponsored-actors-aa22-279a

https://www.tenable.com/cyber-exposure/a-look-inside-the-ransomware-ecosystem

https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective

https://www.microsoft.com/en-us/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/

https://therecord.media/confluence-and-gitlab-servers-targeted-by-new-ransomware-strain

https://www.tenable.com/blog/examining-the-treat-landscape

https://web.archive.org/web/20211025233339/https://twitter.com/pancak3lullz/status/1452679527197560837

https://www.tenable.com/blog/cve-2021-26084-atlassian-confluence-ognl-injection-vulnerability-exploited-in-the-wild

https://jira.atlassian.com/browse/CONFSERVER-67940

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3