In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated malicious user to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 prior to 7.4.11, from version 7.5.0 prior to 7.11.6, and from version 7.12.0 prior to 7.12.5.
Vulnerable Product |
---|
atlassian confluence server |
atlassian confluence data center |
9.8-rated bug allows arbitrary code execution – possibly without authentication
Atlassian has warned users of its Confluence Server that they need to patch the product to remedy a Critical-rated flaw. The company's not saying a lot about CVE-2021-26084, besides describing it as a "Confluence Server Webwork OGNL injection vulnerability … that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance." The bug scores 9.8 on the ten-point Common Vulnerability Scoring System. Atlassi...
Malicious cyber actors go after 2021's biggest misses, spend less time on the classics
Security flaws in Log4j, Microsoft Exchange, and Atlassian's workspace collaboration software were among the bugs most frequently exploited by "malicious cyber actors" in 2021, according to a joint advisory by the Five Eyes nations' cybersecurity and law enforcement agencies. It's worth noting that 11 of the 15 flaws on the list were disclosed in 2021, as previous years' lists often found miscreants exploiting the older vulns for which patches had been available for years. Of course, the US Cyb...