DETECTION OVERVIEW

Atlassian Confluence Exploit - CVE-2021-26084

Risk Factors

Vulnerable Atlassian Confluence instances are being actively attacked. Simple exploit code is publicly available for this remote code execution (RCE) vulnerability. An unauthenticated attacker could gain complete control of a device, steal sensitive information, or launch additional attacks on the network.

Kill Chain

Exploitation

Risk Score

Attack Background

Object-Graph Navigation Language (OGNL) is an expression language for setting Java object properties in web applications. Atlassian Confluence Server and Data Center is a wiki tool with an OGNL injection vulnerability that allows an unauthenticated attacker to run arbitrary code on a server hosting Atlassian Confluence. An attacker creates an HTTP POST request that delivers malicious OGNL code to a web form. The malicious code runs on the server and the attacker can gain access to the server.

Mitigation Options

Upgrade to the latest version of Atlassian Confluence, 7.13.0

Professional Services

Partners

Partner Login

Partner Finder

View All Use Cases

View All Industries

View All Integrations

Attack Background

Mitigation Options

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use cases