CVE-2023-22527
Atlassian Confluence Data Center and Server Template Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
100.0%
p100
KEV
SÍ
24 ene 2024
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Atlassian / Confluence Data Center and Server
Vulnerabilidad
Atlassian Confluence Data Center and Server Template Injection Vulnerability
Añadido a KEV
24 ene 2024
Remediar antes de
14 feb 2024
Uso conocido en ransomware
Sí
Descripción resumida
Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html; https://nvd.nist.gov/vuln/detail/CVE-2023-22527