Threat actors were spotted exploiting the CVE-2021-26084 vulnerability in Atlassian’s Confluence enterprise collaboration product. Atlassian released security patches to address the critical flaw earlier last week.
The flaw is an OGNL injection issue that can be exploited by an authenticated attacker to execute arbitrary code on affected Confluence Server and Data Center instances.
The issue was discovered through the Atlassian public bug bounty program, the vulnerability received a CVSS score of 9.8.
Affected versions are:
- version < 6.13.23
- 6.14.0 ≤ version < 7.4.11
- 7.5.0 ≤ version < 7.11.5
- 7.12.0 ≤ version < 7.12.5
Threat actors found performing mass scanning and exploit activity targeting Atlassian Confluence servers vulnerable to the above RCE.
Internet scans for systems affected by the CVE-2021-26084 flaw were also spotted by other researchers, the Japan CERT issued a security alert regarding this flaw.
Experts believe that the number of attacks targeting this Confluence vulnerability will increase in coming weeks.