Zero-day Exploitable Bug in Atlassian Confluence

 

Researchers are alerting the public that an important Atlassian Confluence vulnerability published last week is being aggressively exploited.
Researchers say that Confluence Server 7.18.0 is affected by the significant unauthorized remote code execution vulnerability CVE-2022-26134, and they believe that both Confluence Server and Data Center versions 7.4.0 are at risk.
Because no updates are available, Atlassian advises customers to cut off access to their servers using one of two methods:
  • Preventing access to the internet for Confluence Server and Data Center instances.
  • Disabling Confluence Server and Data Center instances.
The hard-coded details were published on Twitter after the real-world exploitation, which prompted the Australian software business to give it the top priority in its patching schedule.
It’s important to remember that the flaw only manifests itself when the Questions for Confluence app is turned on. However, uninstalling the Questions for Confluence app does not fix the problem, because the created account is not automatically deleted when the app is removed.
Federal organizations must stop all internet acc

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents