
DETECTION OVERVIEW

Atlassian Confluence Exploit - CVE-2022-26134

Risk Factors

Simple exploit code is publicly available for this remote code execution (RCE) vulnerability. An unauthenticated attacker can gain complete control of a device, steal sensitive information, or launch additional attacks on the network.

Kill Chain

Exploitation

Risk Score

92


Attack Background

Object-Graph Navigation Language (OGNL) is an expression language for setting Java object properties in web applications. Atlassian Confluence has an OGNL injection vulnerability that enables attackers to run arbitrary code on the server. An attacker sends an HTTP request with injected, URL-encoded OGNL fragments to the Confluence server. These fragments include a malicious command. The server processes the OGNL fragments, running the malicious command. Command output is sent to the attacker in an HTTP response from the server.
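The request side of this attack can be hunted for in web server access logs. The following is an added example, not code from this page or from any product it describes: it percent-decodes each request URI and flags those carrying an OGNL expression. It assumes combined-log-format lines and that the injected fragment is wrapped in `${...}` delimiters; the log lines and the placeholder expression are constructed.

```python
import re
from urllib.parse import unquote

# Access-log line in combined log format (assumed layout, not from the page).
LOG_LINE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumption: an injected OGNL fragment is wrapped in ${...} delimiters.
OGNL_FRAGMENT = re.compile(r"\$\{[^}]*\}")

def fully_decode(uri, max_rounds=3):
    """Percent-decode repeatedly so double-encoded fragments are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def find_ognl_requests(lines):
    """Return one finding per request whose decoded URI holds an OGNL fragment."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line we can parse
        decoded = fully_decode(m.group("uri"))
        if OGNL_FRAGMENT.search(decoded):
            findings.append({"src": m.group("src"), "method": m.group("method"),
                             "status": int(m.group("status")), "uri": decoded})
    return findings

# Constructed sample lines; the expression body is a harmless placeholder.
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Jun/2022:10:15:02 +0000] "GET /dashboard.action HTTP/1.1" 200 5120',
    '203.0.113.9 - - [03/Jun/2022:10:15:07 +0000] "GET /%24%7BCONSTRUCTED_EXPRESSION%7D/ HTTP/1.1" 302 0',
    '203.0.113.9 - - [03/Jun/2022:10:15:09 +0000] "GET /%2524%257BCONSTRUCTED_EXPRESSION%257D/ HTTP/1.1" 302 0',
    '198.51.100.7 - - [03/Jun/2022:10:16:11 +0000] "GET /pages/viewpage.action?pageId=1234 HTTP/1.1" 200 8841',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for finding in find_ognl_requests(SAMPLE_LOG):
        print(finding)
```

A hit shows only that an OGNL expression reached the server; whether it was evaluated depends on the Confluence version, so findings should be checked against the fixed releases listed under Mitigation Options.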

Mitigation Options

Upgrade to Confluence Server and Data Center 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 or 7.18.1

MITRE ATT&CK ID
