• Office Hours : 08:00 - 17:30

US officials warn of “mass exploitation” of Atlassian Confluence flaw

Hackers are exploiting a vulnerability in the on-premise Atlassian Confluence workplace collaboration platform on a massive scale, with businesses urged to patch their systems without delay.

US Cyber Command issued a public notice just before the weekend warning that mass exploitation of the remote code execution flaw tracked as CVE-2021-26084 is “ongoing and expected to accelerate”. 

“Please patch immediately if you haven’t already,” the notice added. “This cannot wait until after the weekend.”

Confluence is a workplace collaboration platform that allows teams to work together remotely on projects or ideas. 

The vulnerability, which is embedded in the Atlassian Confluence Server and Confluence Data Center products, can allow an unauthorised attacker to execute arbitrary code on either of the affected platforms. 

Confluence Cloud, which is hosted on public cloud environments, isn’t affected by the flaw. Rather, the on-premises versions of the product are those susceptible to exploitation.

It’s rated 9.8 on the CVSS threat severity scale out of ten, suggesting it’s highly exploitable. The firm had never publicly revealed the precise exploit mechanisms, though, beyond describing the flaw as a Confluence Server Webwork OGNL injection. This was presumably to avoid fuelling any future attacks before businesses had a chance to apply the fix. 

Atlassian disclosed this vulnerability a couple of weeks ago and urged businesses to patch their systems at the time. However, cyber criminals from around the world have since been detected as scanning for vulnerable systems and launching attacks.

Related Resource

Challenging the rules of security

Protecting data and simplifying IT management with Chrome OS

Whitepaper front coverWhitepaper front coverDownload now

The threat intelligence firm Bad Packets, for example, detected mass scanning and exploit activity from hosts in a number of regions including China and Brazil earlier last week.  

Atlassian previously addressed a serious vulnerability in its system that could allow hackers to compromise user accounts, and control several apps that users can access seamlessly through a single sign-on (SSO) feature.

This latest vulnerability in Confluence is just one of many serious vulnerabilities that have been exploited during 2021, with the rate of successfully abused zero-days surging over the last few months. 

Featured Resources

Ask more from your CMS

How to get the most value in the shortest timespan

Download now

Manufacturing modernisation: How to get there

Get your free guide to modernising your factories with mobile technology

Download now

Aberdeen Report: How a platform approach to security monitoring initiatives adds value

Integration, orchestration, analytics, automation, and the need for speed

Download now

Delivering personalised content for dummies

Map the customer journey across touchpoints and scale up with the cloud

Download now

See the original article here: ITPro

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.