Source |
CSO |
Identifiant |
5024544 |
Date de publication |
2022-06-07 10:36:00 (vue: 2022-06-07 18:05:06) |
Titre |
Zero-day flaw in Atlassian Confluence exploited in the wild since May |
Texte |
Software firm Atlassian released emergency patches for its popular Confluence Server and Data Center products after reports came to light late last week that attackers were exploiting an unpatched vulnerability in the wild. According to data from Cloudflare's web application firewall (WAF) service, the attacks started almost two weeks ago.The vulnerability, now tracked as CVE-2022-26134, is rated critical and allows unauthenticated attackers to gain remote code execution (RCE) on servers hosting the affected Confluence versions. The company urges customers to upgrade to the newly released versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1, depending on which release they use.To read this article in full, please click here |
Envoyé |
Oui |
Condensat |
2022 26134 according affected after ago allows almost application article atlassian attackers attacks came center click cloudflare code company confluence critical customers cve data day depending emergency execution exploited exploiting firewall firm flaw from full gain here hosting its last late light may newly now patches please popular products rated rce read release released remote reports server servers service since software started tracked two unauthenticated unpatched upgrade urges use versions vulnerability waf web week weeks which wild zero |
Tags |
Vulnerability
|
Stories |
|
Notes |
|
Move |
|