Original Issue Date: September 10, 2021
Severity Rating: HIGH
Software Affected
Confluence Server and Data Center versions 4.x.x
Confluence Server and Data Center versions 5.x.x
Confluence Server and Data Center versions 6.0.x to 6.12.x
Confluence Server and Data Center versions 6.13.x before 6.13.23
Confluence Server and Data Center versions 6.14.x to 6.15.x
Confluence Server and Data Center versions 7.0.x to 7.3.x
Confluence Server and Data Center versions 7.4.x before 7.4.11
Confluence Server and Data Center versions 7.5.x to 7.10.x
Confluence Server and Data Center versions 7.11.x before 7.11.6
Confluence Server and Data Center versions 7.12.x before 7.12.5
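The affected-version list above mixes whole major lines ("4.x.x"), minor ranges ("7.5.x to 7.10.x") and lines with a fixed patch level ("7.12.x before 7.12.5"), which is easy to misread during triage. The following is an added example, not vendor code: it transcribes those ranges as inclusive/exclusive bounds and checks a version string (such as the one reported by your instance) against them.

```python
"""Check a Confluence Server / Data Center version against the affected
ranges listed in this advisory (example added to the advisory, not vendor code).
"before X" in the list means "fixed in X", so X is an exclusive upper bound."""
import re

# (lower bound inclusive, upper bound exclusive), transcribed from the list above.
AFFECTED_RANGES = [
    ((4, 0, 0), (5, 0, 0)),       # 4.x.x
    ((5, 0, 0), (6, 0, 0)),       # 5.x.x
    ((6, 0, 0), (6, 13, 0)),      # 6.0.x to 6.12.x
    ((6, 13, 0), (6, 13, 23)),    # 6.13.x before 6.13.23
    ((6, 14, 0), (6, 16, 0)),     # 6.14.x to 6.15.x
    ((7, 0, 0), (7, 4, 0)),       # 7.0.x to 7.3.x
    ((7, 4, 0), (7, 4, 11)),      # 7.4.x before 7.4.11
    ((7, 5, 0), (7, 11, 0)),      # 7.5.x to 7.10.x
    ((7, 11, 0), (7, 11, 6)),     # 7.11.x before 7.11.6
    ((7, 12, 0), (7, 12, 5)),     # 7.12.x before 7.12.5
]


def parse_version(text):
    """Turn '7.4.11' (also '7.4' or '7.4.11-rc1') into a comparable int tuple.
    Missing minor/patch components are treated as 0."""
    m = re.match(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())


def is_affected(version):
    """True if the version falls inside any listed affected range."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def triage(versions):
    """Map each version string (e.g. from an asset inventory) to a verdict."""
    return {v: ("AFFECTED" if is_affected(v) else "not listed") for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for ver, verdict in triage(["7.12.4", "7.12.5", "6.13.22", "7.13.0"]).items():
        print(f"{ver:>8}: {verdict}")
```

A version that is "not listed" (for example 7.13.0 or 6.16.0) is simply absent from the advisory's list; confirm against the vendor advisory linked below before treating it as safe.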
Overview
A vulnerability has been reported in Confluence Server and Data Center which could allow an unauthenticated attacker to execute arbitrary code on the targeted system.
Description
A vulnerability exists in Confluence Server and Data Center due to an OGNL (Object-Graph Navigation Language) injection flaw. A remote attacker could exploit this vulnerability by sending a specially crafted request to the targeted system.
Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the targeted system.
Solution
This vulnerability is being actively exploited. Users are advised to urgently apply the appropriate fixes issued by the vendor at the following link:
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind.