x
Limited Time Offer: Save up to 20% on a new CIS SecureSuite Membership | Learn more
×
Why CIS Solutions Join CIS Resources
CIS WorkBench Sign-in CIS WorkBench Sign In CIS Hardened Images CIS Hardened Images Support CIS Support


Why CIS

Who We Are

CIS is an independent, nonprofit organization with a mission to create confidence in the connected world



About Us Leadership Principles Testimonials

Solutions

secure your organization
Secure Your Organization


secure specific platforms
Secure Specific Platforms


cis securesuite CIS SecureSuite® Learn More      Apply Now  
u s state local tribal and territorial governments
U.S. State, Local, Tribal & Territorial Governments


View All Products & Services  

Join CIS

Get Involved

Join CIS as a member, partner, or volunteer - or explore our career opportunities



CIS SecureSuite® Membership Multi-State ISAC (MS-ISAC®) Elections Infrastructure ISAC (EI-ISAC®) CIS CyberMarket® Vendors CIS Communities Careers

Resources

resources
Resources


learn
Learn


filter by topic
Filter by Topic


View All Resources  
CIS Logo Show Search Expand Menu

A Vulnerability in Confluence Server and Data Center Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2021-107

DATE(S) ISSUED:

09/03/2021

OVERVIEW:

A vulnerability has been discovered in Confluence Server and Data Center, which could allow for arbitrary code execution. Confluence is a wiki tool used to help teams collaborate and share knowledge efficiently. Successful exploitation of this vulnerability could allow an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance. Depending on the privileges associated with the instance, an attacker could view, change, or delete data.

THREAT INTELLIGENCE:

US Cyber Command has reported mass exploitation of CVE-2021-26084 and anticipates accelerated attack volume.

SYSTEMS AFFECTED:

  • Confluence Server and Data Center all versions prior to 6.13.23
  • Confluence Server and Data center versions from 6.14.0 prior to 7.4.11
  • Confluence Server and Data Center versions from 7.5.0 prior to 7.11.6
  • Confluence Server and Data Center versions 7.12.x prior to 7.12.5

RISK:

Government:
  • Large and medium government entities: MEDIUM
  • Small government entities: MEDIUM
Businesses:
  • Large and medium business entities: MEDIUM
  • Small business entities: MEDIUM
Home Users: NA  

TECHNICAL SUMMARY:

A vulnerability has been discovered in Confluence Server and Data Center Could Allow for Arbitrary Code Execution. An OGNL injection could allow an authenticated user, and in some instances an unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance. The vulnerable endpoints can only be accessed if ‘Allow people to sign up to create there account’ is enabled. Successful exploitation of this vulnerability could allow an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance. Depending on the privileges associated with the instance, an attacker could view, change, or delete data.

RECOMMENDATIONS:

We recommend the following actions be taken:
  • Apply appropriate patches provided by Atlassian to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Evaluate read, write, and execute permissions on all newly installed software.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:

Atlassian:

https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html  

CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26084  

Get Email Updates When Cyber Threats Like This Arise

Arrow Subscribe to Advisories

Information Hub : Advisories


CONTROL: 1 --- ADVISORY CONTROL: 0
CONTROL: 2 --- ADVISORY CONTROL: 0
CONTROL: 3 --- ADVISORY CONTROL: 0
CONTROL: 4 --- ADVISORY CONTROL: 0