Rewterz Threat Alert – HawkEye Infostealer – Active IOCs
June 9, 2022Rewterz Threat Alert – Vidar Malware – Active IOCs
June 9, 2022Rewterz Threat Alert – HawkEye Infostealer – Active IOCs
June 9, 2022Rewterz Threat Alert – Vidar Malware – Active IOCs
June 9, 2022Severity
High
Analysis Summary
CVE-2021-26084
Atlassian Confluence Server and Center code could allow a remote attacker to execute arbitrary code on the system, caused by a webwork OGNL injection flaw. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
Indicators Of Compromise
CVE
- CVE-2021-26084
Affected Vendors
Atlassian
Affected Products
- Atlassian Confluence Server 6.9.0
- Atlassian Confluence Server 6.12.0
- Atlassian Confluence Server 6.7.0
- Atlassian Confluence Server 6.13.0
Remediation
Refer to Confluence Security Advisory for patch, upgrade or suggested workaround information.