Intrusion PreventionAtlassian.Confluence.CVE-2021-26084.Remote.Code.Execution
Description
This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Atlassian Confluence.
The vulnerability is due to insufficient input validation while handling a malicious request. A remote attacker may be able to exploit this to execute arbitrary code via a crafted HTTP request.
Outbreak Alert
View the full Outbreak Alert Report
FortiGuard Labs continues to observe attack attempts exploiting the vulnerabilities highlighted in the recent CISA advisory about Russian military cyber actors. These actors are targeting U.S. and global critical infrastructure to conduct espionage, steal data, and compromise or destroy sensitive information.
Affected Products
atlassian:confluence prior to 6.13.23
atlassian:confluence 6.14.0 to 7.4.11
atlassian:confluence 7.5.0 to 7.11.6
atlassian:confluence 7.12.0 to 7.12.5
atlassian:data_center prior to 6.13.23
atlassian:data_center 6.14.0 to 7.4.11
atlassian:data_center 7.5.0 to 7.11.6
atlassian:data_center 7.12.0 to 7.12.5
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor
https://jira.atlassian.com/browse/CONFSERVER-67940
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 50727 |
| Created | Sep 08, 2021 |
| Updated | Jun 20, 2022 |
| Outbreak Alert | CISAtop20_PRC2022 Russian Cyber Espionage |
| Threat Signal | View Report |
| Risk |
|
| CVE ID | CVE-2021-26084 |
| Known Exploited | Yes |
| Exploit Prediction Score | 97.36% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux |
| Affected App | Other |