Atlassian Confluence OGNL RCE Vulnerability
A critical vulnverability on Atlassian Confluence
A critical 0-day vulnerability on Atlassian Confluence Data Center and Server is actively being exploited in the wild. The vulnerability is established via the Object Graph Navigation Language (OGNL) injection that allows an unauthenticated user to execute arbitrary code. Learn More »
Common Vulnerabilities and Exposures
Background
A cybersecurity firm Volexity was responding to an attack incident, which revealed that the attack leveraged a 0-day vulnerability on Atlassian Confluence Server.
Threat Radar Overall Score: 4.6
CVSS Rating | 9.0 | |
FortiRecon Score | 96/100 | |
Known Exploited | Yes | |
Exploit Prediction Score | 97.53% | |
FortiGuard Telemetry | 30868 |
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
June 2, 2022: The vendor has released an advisory.
June 2, 2022: The Hacker News posted an article on Volexity's discovery of the 0-day.
June 3, 2022: The vendor has released their fixed.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
-
Vulnerability
-
IPS
-
Post-execution
-
Threat Hunting
-
Assisted Response Services
-
Automated Response
-
NOC/SOC Training
-
End-User Training
-
Attack Surface Hardening
-
Vulnerability Management
Vulnerability Blocks attack attempts related to Confluence OGNL vulnerability (CVE-2022-26134).
IPS Blocks attack attempts related to Confluence OGNL vulnerability (CVE-2022-26134).
Post-execution
Assisted Response Services Experts to assist you with analysis, containment and response activities.
Automated Response Services that can automaticlly respond to this outbreak.
NOC/SOC Training Train your network and security professionals and optimize your incident response to stay on top of the cyberattacks.
End-User Training Raise security awareness to your employees that are continuously being targetted by phishing, drive-by download and other forms of cyberattacks.
Attack Surface Hardening Check Security Fabric devices to build actionable configuration recommendations and key indicators.
Vulnerability Management Reduce the attack surface on software vulnerabilities via systematic and automated patching.
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Loading ...
Indicators of compromise
IOC Indicator List
Indicators of compromise
IOC Threat Activity
Last 30 days
Chg
Avg 0
Mitre Matrix
Click here for the ATT&CK Matrix
References
Sources of information in support and relation to this Outbreak and vendor.