CVE-2022-26134
Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Jun 2, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
Product
Atlassian / Confluence Server/Data Center
Vulnerability
Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability
Added to KEV
Jun 2, 2022
Remediate by
Jun 6, 2022
Known ransomware use
Yes
Summary description
Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution.
Required action
Immediately block all internet traffic to and from affected products AND apply the update per vendor instructions [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html] OR remove the affected products by the due date on the right. Note: Once the update is successfully deployed, agencies can reassess the internet blocking rules.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-26134
No related CVEs by CWE or product.