CVE-2021-26084

Summary

CVE-2021-26084 is an OGNL injection vulnerability that affects Confluence Server and Data Center. The vulnerability allows an unauthenticated attacker to execute arbitrary code on affected instances. Versions before 6.13.23, between 6.14.0 and 7.4.11, between 7.5.0 and 7.11.6, and between 7.12.0 and 7.12.5 are affected by this vulnerability. To remediate it, organizations should update their Confluence Server or Data Center instances to a version that is not affected by the vulnerability, as recommended by Atlassian's vendor advisory (link: https://jira.atlassian.com/browse/CONFSERVER-67940). This vulnerability has a high base severity rating of CRITICAL, with a base score of 9.8 according to NIST's National Vulnerability Database (NVD). The exploitation of this vulnerability can result in high impacts on integrity and confidentiality, with a potential danger to organizations' security. Note: This summary is based on the provided information and does not include any additional analysis or interpretation of the vulnerability's impact or severity beyond what is stated in the sources provided

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.