U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

USCYBERCOM and CISA warn organizations to fix CVE-2021-26084 Confluence flaw

USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the Labor Day weekend.  US Cyber Command (USCYBERCOM) has issued an alert to warn US organizations to address Atlassian Confluence CVE-2021-26084 vulnerability immediately, ahead of the Labor Day weekend. Government experts are aware of the ongoing […]

Atlassian Confluence CVE-2023-22515

USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the Labor Day weekend. 

US Cyber Command (USCYBERCOM) has issued an alert to warn US organizations to address Atlassian Confluence CVE-2021-26084 vulnerability immediately, ahead of the Labor Day weekend.

Government experts are aware of the ongoing mass exploitation of the CVE-2021-26084 flaw and believe it could rapidly accelerate.

Threat actors started exploiting the CVE-2021-26084 vulnerability in Atlassian’s Confluence enterprise collaboration product a few days after it was patched by the vendor. At the time of this writing, experts only observed threat actors exploiting the issue to deliver cryptocurrency miners, but attackers could start exploiting them to deliver other malware, including ransomware.

Last week, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise collaboration product.

Atlassian Confidence

The flaw is an OGNL injection issue that can be exploited by an authenticated attacker to execute arbitrary code on affected Confluence Server and Data Center instances.

“An OGNL injection vulnerability exists that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. ” reads the advisory published by the company.

The issue was discovered by Benny Jacob (SnowyOwl) through the Atlassian public bug bounty program, the vulnerability received a CVSS score of 9.8.

Affected versions are:

  • version < 6.13.23
  • 6.14.0 ≤ version < 7.4.11
  • 7.5.0 ≤ version < 7.11.5
  • 7.12.0 ≤ version < 7.12.5

Researchers from Threat intelligence firm Bad Packets detected mass scanning and exploit activity targeting Atlassian Confluence servers vulnerable to the above RCE.

CISA also published a security advisory to urge admins to apply the Confluence security updates released on August 25, 2021by Atlassian.

“On August 25, 2021, Atlassian released security updates to address a remote code execution vulnerability (CVE-2021-26084) affecting Confluence Server and Data Center. Recently, CVE-2021-26084 has been detected in exploits in the wild. A remote attacker could exploit this vulnerability to take control of an affected system.” reads the CISA’s alert. “CISA urges users and administrators to review Atlassian Security Advisory 2021-08-25 and immediately apply the necessary updates.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

[adrotate banner=”5″]

[adrotate banner=”13″]