Atlassian has released new Confluence Server and Data Center versions to address remote code execution vulnerability CVE-2022-26134 affecting these products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely, create new admin accounts, and conduct other malicious activity such as deploy ransomware. Last Friday, a proof-of-concept exploit for the Atlassian Confluence vulnerability was publicly posted. By Sunday, the cybersecurity firm GreyNoise had observed 211 unique IP addresses attempting to exploit the vulnerability. Based on the severity of this vulnerability and its active exploitation in the wild, CISA strongly urges organizations to review Confluence Security Advisory 2022-06-02 and upgrade Confluence Server and Confluence Data Center. Read more at CISA.
You are here
Related Resources
Jun 28, 2024 in Cybersecurity, in OT-ICS Security, in Security Preparedness
Jun 27, 2024 in Cybersecurity, in Security Preparedness
Jun 27, 2024 in Cybersecurity, in OT-ICS Security, in Security Preparedness