Confluence Data Center and Server Remote Code Execution Vulnerability


The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in the Atlassian Confluence Data Center and Server, assessed its impact and developed mitigation measures.

Confluence Server is a software to manage documentation and knowledge bases with an ubiquitous presence across the globe. Identified as CVE-2024-21683, Confluence Data Center and Server before version 8.9.1(data center only), 8.5.9 LTS and 7.19.22 LTS allows an authenticated threat actor with the privilege of adding new macro languages to execute arbitrary code, earning a high CVSS score of 8.3. Confluence users are encouraged to upgrade their instances to the latest fixed version, as mentioned by the vendor in the advisory.

Read more…
Source: Sonicwall


Sign up for our Newsletter


Related:

  • CISA Releases Six Industrial Control Systems Advisories

    September 26, 2023

    CISA released six Industrial Control Systems (ICS) advisories on September 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-269-01 Suprema BioStar 2 ICSA-23-269-02 Hitachi Energy Asset Suite 9 ICSA-23-269-03 Mitsubishi Electric FA Engineering Software Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related: CISA Adds Three Known Exploited Vulnerabilities to Catalog  

  • Emergency update: Apple patches three zero-days

    September 22, 2023

    Apple has released security updates for several products to address a handful of zero-day vulnerabilities that may already have been used by criminals. Updates are available for: iOS 16.7 and iPadOS 16.7 iOS 17.0.1 and iPadOS 17.0.1 watchOS 9.6.3 watchOS 10.0.1 macOS Ventura 13.6 macOS Monterey 12.7 Safari 16.6.1 The updates may already have reached you in your regular update routines, but it ...

  • CISA Releases Six Industrial Control Systems Advisories

    September 21, 2023

    CISA released six Industrial Control Systems (ICS) advisories on September 21, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-264-01 Real Time Automation 460 Series ICSA-23-264-02 Siemens Spectrum Power 7 ICSA-23-264-03 Delta Electronics DIAScreen Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related: ISC Releases Security Advisories for BIND 9   

  • Africa among regions with highest number of industrial systems under attack in the first half of 2023

    September 21, 2023

    In the first half of 2023 Africa had the highest percentage of ICS computers on which spyware was blocked (9,8%) JOHANNESBURG, South Africa – Malicious objects of all types were detected and blocked on 34% of Industrial Control System (ICS) computers in the first half of 2023, according to the ICS CERT landscape report (https://apo-opa.info/3LwG719) by ...

  • CISA Releases Four Industrial Control Systems Advisories

    September 19, 2023

    CISA released four Industrial Control Systems (ICS) advisories on September 19, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-262-01 Siemens SIMATIC PCS neo Administration Console ICSA-23-262-03 Omron Engineering Software Zip-Slip Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related: CISA Adds One Known Exploited Vulnerability to Catalog  

  • ThemeBleed exploit is another reason to patch Windows quickly

    September 18, 2023

    Included in the September 2023 Patch Tuesday updates was a fix for a vulnerability which has been dubbed ThemeBleed. A Proof-of-Concept (PoC) exploit has been released by Gabe Kirkpatrick, one of the researchers acknowledged for reporting the vulnerability. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The ThemeBleed vulnerability was listed ...