← Zuruck zu CVEs
CVE-2022-26134
CRITICALCISA KEV9.8
Beschreibung
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
CVE Details
CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht6/3/2022
Zuletzt geandert10/24/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerAtlassian
ProduktConfluence Server/Data Center
SchwachstellennameAtlassian Confluence Server and Data Center Remote Code Execution Vulnerability
KEV Aufnahmedatum2022-06-02
Behebungsfrist2022-06-06
Ransomware-NutzungKnown
Betroffene Produkte
atlassian:confluence_data_centeratlassian:confluence_server
Schwachen (CWE)
CWE-917CWE-917
Referenzen
http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html(security@atlassian.com)
http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html(security@atlassian.com)
http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html(security@atlassian.com)
http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html(security@atlassian.com)
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html(security@atlassian.com)
https://jira.atlassian.com/browse/CONFSERVER-79016(security@atlassian.com)
http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html(af854a3a-2127-422b-91ae-364da2661108)
https://jira.atlassian.com/browse/CONFSERVER-79016(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26134(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.