09.01.21

Customer Advisory for Awareness | Confluence Enterprise Server & Data Center are Being Actively Exploited

By Deepwatch

Key Points:

  • Active exploitation has been observed against Confluence Enterprise Server and Data Center, products that are routinely self-hosted.
  • Threat actors are exploiting CVE-2021-26084, an OGNL injection vulnerability, and a proof-of-concept has been released.
  • Atlassian released patches on August 25 and advises all customers running affected software to upgrade to version 7.13.0 (LTS). If you are unable to upgrade, a temporary workaround is available.

Summary

A vulnerability with a severity score of 9.8 in Confluence Enterprise Server and Data Center software is being actively exploited. The activity was revealed by Vietnamese security researcher Tuan Anh Nguyen, who tweeted on August 31 that “mass scans have already started”, with threat actors and bug bounty hunters looking for systems vulnerable to CVE-2021-26084. Soon after the exploitation was spotted, two security researchers, Rahul Maini and Harsh Jaiswal, published on GitHub an in-depth explanation of how to exploit the vulnerability, along with several proof-of-concept payloads.

Atlassian released patches on August 25 and said “An OGNL injection vulnerability exists that would allow an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.” 

The vulnerability impacts the following Confluence Enterprise Server and Data Center versions:

  • Before version 6.13.23.
  • Versions 6.14.0 to 7.4.11.
  • Versions 7.5.0 to 7.11.6.
  • Versions 7.12.0 to 7.12.5.
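
To triage an inventory against the ranges listed above, the following added example (not code from Deepwatch or Atlassian) classifies Confluence version strings. The hostnames and inventory are constructed, and it assumes the upper bound of each listed range is the first fixed release, so 7.4.11, 7.11.6 and 7.12.5 are treated as patched.

```python
import re

# Affected ranges from the list above, as (lower inclusive, upper exclusive).
# Assumption: each range's upper bound is the first fixed release in that line.
AFFECTED = [
    ((0, 0, 0), (6, 13, 23)),    # before 6.13.23
    ((6, 14, 0), (7, 4, 11)),    # 6.14.0 to 7.4.11
    ((7, 5, 0), (7, 11, 6)),     # 7.5.0 to 7.11.6
    ((7, 12, 0), (7, 12, 5)),    # 7.12.0 to 7.12.5
]

def parse_version(text):
    """Turn '7.4.10', 'v7.13' or '7.12.4-m01' into a comparable tuple."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def is_affected(version_text):
    """True if the version falls inside any affected range."""
    v = parse_version(version_text)
    return any(lo <= v < hi for lo, hi in AFFECTED)

def triage(inventory):
    """Map each host to 'affected', 'ok', or 'unknown' (needs a manual check)."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = "affected" if is_affected(version_text) else "ok"
        except ValueError:
            # An unreadable version is not evidence of a patched host.
            result[host] = "unknown"
    return result

if __name__ == "__main__":
    # Constructed sample inventory: hostname -> reported Confluence version.
    sample = {
        "wiki-a.example.internal": "6.13.22",
        "wiki-b.example.internal": "7.4.11",
        "wiki-c.example.internal": "7.12.4",
        "wiki-d.example.internal": "7.13.0",
        "wiki-e.example.internal": "",
    }
    for host, status in sorted(triage(sample).items()):
        print(f"{host:28} {status}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed patched.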

Deepwatch Threat Intelligence Outlook

The Deepwatch Threat Intelligence Team has high confidence that increased scanning and exploitation will occur over the next several months. It is highly likely that ransomware and crypto-mining threat actors will also add scanning for this vulnerability to their playbooks as another technique for gaining initial access to victim organizations.

Deepwatch strongly encourages customers to upgrade to version 7.13.0 (LTS) or higher. If you are unable to upgrade, it is recommended that you run one of the scripts provided by Atlassian as a temporary workaround:

  • Confluence Server or Data Center running on Linux.
  • Confluence Server or Data Center running on Windows.
