US officials warn of “mass exploitation” of Atlassian Confluence flaw

Hackers can exploit the workplace collaboration platform to execute arbitrary code remotely

Hackers are exploiting a vulnerability in the on-premise Atlassian Confluence workplace collaboration platform on a massive scale, with businesses urged to patch their systems without delay.

US Cyber Command issued a public notice just before the weekend warning that mass exploitation of the remote code execution flaw tracked as CVE-2021-26084 is “ongoing and expected to accelerate”. 

“Please patch immediately if you haven’t already,” the notice added. “This cannot wait until after the weekend.”

Confluence is a workplace collaboration platform that allows teams to work together remotely on projects or ideas. 

The vulnerability, which is embedded in the Atlassian Confluence Server and Confluence Data Center products, can allow an unauthorised attacker to execute arbitrary code on either of the affected platforms. 

Confluence Cloud, which is hosted on public cloud environments, isn’t affected by the flaw. Rather, the on-premises versions of the product are those susceptible to exploitation.

It’s rated 9.8 on the CVSS threat severity scale out of ten, suggesting it’s highly exploitable. The firm had never publicly revealed the precise exploit mechanisms, though, beyond describing the flaw as a Confluence Server Webwork OGNL injection. This was presumably to avoid fuelling any future attacks before businesses had a chance to apply the fix. 

Atlassian disclosed this vulnerability a couple of weeks ago and urged businesses to patch their systems at the time. However, cyber criminals from around the world have since been detected as scanning for vulnerable systems and launching attacks.

Related Resource

Challenging the rules of security

Protecting data and simplifying IT management with Chrome OS

Whitepaper front coverFree download

The threat intelligence firm Bad Packets, for example, detected mass scanning and exploit activity from hosts in a number of regions including China and Brazil earlier last week.  

Atlassian previously addressed a serious vulnerability in its system that could allow hackers to compromise user accounts, and control several apps that users can access seamlessly through a single sign-on (SSO) feature.

This latest vulnerability in Confluence is just one of many serious vulnerabilities that have been exploited during 2021, with the rate of successfully abused zero-days surging over the last few months. 

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Google takes down map showing homes of 111,000 Guntrader customers
data breaches

Google takes down map showing homes of 111,000 Guntrader customers

2 Sep 2021
Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition
mergers and acquisitions

Intuit plans end-to-end SMB platform after $12 billion Mailchimp acquisition

14 Sep 2021