|
|
|||
| Rule General Information |
|---|
| Release Date: | 2022-03-29 | |
| Rule Name: | Atlassian Confluence Server and Data Center OGNL Injection Vulnerability (CVE-2021-26084) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Others | |
| Reference: | https://jira.atlassian.com/browse/CONFSERVER-67940 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://support.atlassian.com/confluence-server/ |