In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HAtlassian Confluence Data Center
APPAtlassian< 6.13.236.14.0 – 7.4.11 (bez)7.5.0 – 7.11.6 (bez)7.12.0 – 7.12.5 (bez)Atlassian Confluence Server
APPAtlassian< 6.13.236.14.0 – 7.4.11 (bez)7.5.0 – 7.11.6 (bez)7.12.0 – 7.12.5 (bez)
CISA KEV — szczegółyi
- Dostawcai
- Atlassian ↗
- Produkti
- Confluence Server and Data Center
- Data dodania do KEVi
- 3 listopada 2021
- Termin remediation (USA)i
- 17 listopada 2021(po terminie)
- Ransomwarei
- Aktywne kampanie ransomware używają tej podatności
Zastosuj aktualizacje zgodnie z instrukcjami producenta.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
Serwery Atlassian Confluence Server i Data Server zawierają lukę podatności OGNL (Object-Graph Navigation Language) injection, która może umożliwić nieuwierzytelnionemu atakującemu wykonanie kodu.
▸ Pokaż oryginał (EN)
Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.
Powiązane podatności
RCE via template injection w Atlassian Confluence Data Center i Server
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Imprope...
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have...
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user acc...
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would a...