virus logo Intrusion Prevention

Atlassian.Confluence.CVE-2021-26084.Remote.Code.Execution

description-logoDescription

This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Atlassian Confluence.
The vulnerability is due to insufficient input validation while handling a malicious request. A remote attacker may be able to exploit this to execute arbitrary code via a crafted HTTP request.

description-logoOutbreak Alert

Joint Cybersecurity Advisory (CSA) has released the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by Peoples Republic of China (PRC) state-sponsored cyber actors as assessed by the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI). Previously, FortiGuard labs has already published various Outbreaks Alerts included in the released CISA's advisory such as: Apache Log4j, Hikvision Webserver Vulnerability, Atlassian Confluence OGNL RCE Vulnerability, Microsoft Exchange Server RCE Vulnerabilities etc. See the full list at: https://www.fortiguard.com/outbreak-alert Links to dedicated reports on each published outbreak by FortiGuard Labs are added to Additional Resources section below.

View the full Outbreak Alert Report

FortiGuard Labs continues to observe attack attempts exploiting the vulnerabilities highlighted in the recent CISA advisory about Russian military cyber actors. These actors are targeting U.S. and global critical infrastructure to conduct espionage, steal data, and compromise or destroy sensitive information.

View the full Outbreak Alert Report

affected-products-logoAffected Products

atlassian:confluence prior to 6.13.23
atlassian:confluence 6.14.0 to 7.4.11
atlassian:confluence 7.5.0 to 7.11.6
atlassian:confluence 7.12.0 to 7.12.5
atlassian:data_center prior to 6.13.23
atlassian:data_center 6.14.0 to 7.4.11
atlassian:data_center 7.5.0 to 7.11.6
atlassian:data_center 7.12.0 to 7.12.5

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor
https://jira.atlassian.com/browse/CONFSERVER-67940

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2025-01-02 29.930
Modified
 Sig Added
2022-06-21 21.342
Modified
 Sig Added
2021-10-18 18.180
Modified
 Sig Added
2021-10-06 18.171
Modified
 Default_action:pass:drop
2021-09-29 18.167
Modified
 Sig Added
2021-09-16 18.159
Modified
 Sig Added
2021-09-08 18.154
New

References

https://jira.atlassian.com/browse/CONFSERVER-67940
ID 50727
Created Sep 08, 2021
Updated Jan 02, 2025
CVE ID
Tags CISAtop20_PRC2022 Russian Cyber Espionage Threat Signal
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 94.42%
Default Action drop
Active
Affected OS Windows, Linux
Affected App Other
Profile Type Permission/Privilege/Access Control