← Voltar para CVEs
CVE-2022-26134
CRITICALCISA KEV9.8
Descricao
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado6/3/2022
Ultima modificacao10/24/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorAtlassian
ProdutoConfluence Server/Data Center
Nome da vulnerabilidadeAtlassian Confluence Server and Data Center Remote Code Execution Vulnerability
Data inclusao KEV2022-06-02
Prazo de remediacao2022-06-06
Uso em ransomwareKnown
Produtos afetados
atlassian:confluence_data_centeratlassian:confluence_server
Fraquezas (CWE)
CWE-917CWE-917
Referencias
http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html(security@atlassian.com)
http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html(security@atlassian.com)
http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html(security@atlassian.com)
http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html(security@atlassian.com)
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html(security@atlassian.com)
https://jira.atlassian.com/browse/CONFSERVER-79016(security@atlassian.com)
http://packetstormsecurity.com/files/167430/Confluence-OGNL-Injection-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167431/Through-The-Wire-CVE-2022-26134-Confluence-Proof-Of-Concept.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167432/Confluence-OGNL-Injection-Proof-Of-Concept.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167449/Atlassian-Confluence-Namespace-OGNL-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html(af854a3a-2127-422b-91ae-364da2661108)
https://jira.atlassian.com/browse/CONFSERVER-79016(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26134(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.