Confluence Data Center and Server Remote Code Execution Vulnerability


The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in the Atlassian Confluence Data Center and Server, assessed its impact and developed mitigation measures.

Confluence Server is a software to manage documentation and knowledge bases with an ubiquitous presence across the globe. Identified as CVE-2024-21683, Confluence Data Center and Server before version 8.9.1(data center only), 8.5.9 LTS and 7.19.22 LTS allows an authenticated threat actor with the privilege of adding new macro languages to execute arbitrary code, earning a high CVSS score of 8.3. Confluence users are encouraged to upgrade their instances to the latest fixed version, as mentioned by the vendor in the advisory.

Read more…
Source: Sonicwall


Sign up for our Newsletter


Related:

  • Zero-Day Exploit Detection Using Machine Learning

    September 16, 2022

    Code injection is an attack technique widely used by threat actors to launch arbitrary code execution on victim machines through vulnerable applications. In 2021, the Open Web Application Security Project (OWASP) ranked it as third in the top 10 web application security risks. Given the popularity of code injection in exploits, signatures with pattern matches are ...

  • WordPress-powered sites backdoored after FishPig suffers supply chain attack

    September 15, 2022

    It’s only been a week or so, and obviously there are at least three critical holes in WordPress plugins and tools that are being exploited in the wild right now to compromise loads of websites. We’ll start with FishPig, a UK-based maker of software that integrates Adobe’s Magento ecommerce suite into WordPress-powered websites. FishPig’s distribution systems ...

  • A Post-exploitation Look at Coinminers Abusing WebLogic Vulnerabilities

    September 14, 2022

    Trend Micro researchers have recently observed malicious actors exploiting both recently disclosed and older Oracle WebLogic Server vulnerabilities to deliver cryptocurrency-mining malware. Oracle WebLogic Server is typically used for developing and deploying high-traffic enterprise applications on cloud environments and engineered and conventional systems. One of the older vulnerabilities that is still being actively exploited by malicious ...

  • Cisco won’t fix authentication bypass zero-day in EoL routers

    September 7, 2022

    Cisco says that a new authentication bypass flaw affecting multiple small business VPN routers will not be patched because the devices have reached end-of-life (EoL). This zero-day bug (CVE-2022-20923) is caused by a faulty password validation algorithm that attackers could exploit to log into the VPN on vulnerable devices using what the company describes as “crafted ...

  • Mirai Variant MooBot Targeting D-Link Devices

    September 6, 2022

    In early August, Unit 42 researchers discovered attacks leveraging several vulnerabilities in devices made by D-Link, a company that specializes in network and connectivity products. The vulnerabilities exploited include: CVE-2015-2051: D-Link HNAP SOAPAction Header Command Execution Vulnerability CVE-2018-6530: D-Link SOAP Interface Remote Code Execution Vulnerability CVE-2022-26258: D-Link Remote Command Execution Vulnerability CVE-2022-28958: D-Link Remote Command Execution Vulnerability If the devices ...

  • Google Chrome emergency update fixes new zero-day used in attacks

    September 2, 2022

    Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year. “Google is aware of reports that an exploit for CVE-2022-3075 exists in the wild,” the company said in a security advisory published on Friday. This new version is rolling ...