Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
Project:Atlassian
Product:Confluence Server/Data Center
Date Added:2022-06-02Due Date::2022-06-06
Vulnerability Name
Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
Description
Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution.
Known To Be Used in Ransomware Campaigns?
Known
Action
Immediately block all internet traffic to and from affected products AND apply the update per vendor instructions [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html] OR remove the affected products by the due date on the right. Note: Once the update is successfully deployed, agencies can reassess the internet blocking rules.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-26134