Vulnerability — CVE-2021-26084

CVE-2021-26084

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2021-26084
Description:: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
Last updated date:: 06/10/2022

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 09/24/2021
Reference url to background: https://www.paloaltonetworks.com/blog/security-operations/cve-2021-26084-linux-exploitation-in-the-wild/

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 11/03/2021
Reference url to background: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/31/2021
Reference url to background: https://github.com/carlosevieira/CVE-2021-26084

Type:: exploit
Confidence:: HIGH
Date of publishing:: 08/31/2021
Reference url to background: https://github.com/crowsec-edtech/CVE-2021-26084

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/01/2021
Reference url to background: https://github.com/h3v0x/CVE-2021-26084_Confluence

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/01/2021
Reference url to background: https://github.com/r0ckysec/CVE-2021-26084_Confluence

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/01/2021
Reference url to background: https://github.com/Vulnmachines/Confluence_CVE-2021-26084

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/01/2021
Reference url to background: https://github.com/tangxiaofeng7/CVE-2021-26084

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/06/2021
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/atlassian_confluence_webwork_ognl_injection.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/06/2021
Reference url to background: http://packetstormsecurity.com/files/164013/Confluence-Server-7.12.4-OGNL-Injection-Remote-Code-Execution.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/08/2021
Reference url to background: https://github.com/toowoxx/docker-confluence-patched

Type:: exploit
Confidence:: HIGH
Date of publishing:: 09/16/2021
Reference url to background: http://packetstormsecurity.com/files/164122/Atlassian-Confluence-WebWork-OGNL-Injection.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 10/14/2021
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/atlassian_confluence_webwork_ognl_injection.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/06/2022
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/atlassian_confluence_namespace_ognl_injection.rb

Type:: exploit
Confidence:: HIGH
Date of publishing:: 06/10/2022
Reference url to background: http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html