1. Summary

Vulnerability Name: Atlassian Confluence Server Webwork OGNL Injection Vulnerability (CVE-2021-26084)
Component Name: Atlassian Confluence Webwork module
Affected Versions: Atlassian Confluence Server and Data Center < 6.13.23
                   6.14.0 ≤ Atlassian Confluence Server and Data Center < 7.4.11
                   7.5.0 ≤ Atlassian Confluence Server and Data Center < 7.11.6
                   7.12.0 ≤ Atlassian Confluence Server and Data Center < 7.12.5
Vulnerability Type: Object-Graph Navigation Language (OGNL) Injection
Severity: CVSS v3 Base Score 9.8 (Critical)
Exploitability: Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None
Impact: Confidentiality Impact: High; Integrity Impact: High; Availability Impact: High

2. About the Vulnerability

2.1 Introduction

Confluence is web-based corporate collaboration software developed by the Australian software company Atlassian. Confluence Server and Data Center are the on-premises editions, hosted on servers on the customer's side, with high availability provided by load balancing across nodes in a clustered setup.

A WebWork plugin module defines a URL-addressable action, allowing Jira's user-visible functionality to be extended or partially overridden.

2.2 Summary

On Aug 26, 2021, Sangfor FarSight Labs received a notice about the Atlassian Confluence Server Webwork OGNL injection vulnerability (CVE-2021-26084), classified as critical with a CVSS Score of 9.8.

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.

CVE-2021-26084 was added to CISA's Known Exploited Vulnerabilities Catalog on November 3, 2022.

Figure 1. Exploits of CVE-2021-26084 detected by Sangfor from October 19 to November 17, 2022.

For the most up-to-date exploit statistics, please visit the following page (registration required).

3. Affected Versions

Atlassian Confluence Server and Data Center < 6.13.23

6.14.0 ≤ Atlassian Confluence Server and Data Center < 7.4.11

7.5.0 ≤ Atlassian Confluence Server and Data Center < 7.11.6

7.12.0 ≤ Atlassian Confluence Server and Data Center < 7.12.5
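The four affected ranges above have branch-specific fix versions, so a simple "less than 7.12.5" comparison would misclassify fixed releases such as 6.13.23 or 7.4.11. The following is an added example (not part of the Sangfor advisory) that encodes the ranges exactly as listed and triages a constructed inventory of Confluence instances; the hostnames and versions are made up.

```python
# Added example: classify Confluence Server / Data Center versions against the
# affected ranges given in the advisory. Not Sangfor's or Atlassian's code.
import re

# Each range is (lower bound inclusive, upper bound exclusive), taken from the
# advisory. The first range has no lower bound: everything below 6.13.23 is affected.
AFFECTED_RANGES = [
    ((0, 0, 0), (6, 13, 23)),
    ((6, 14, 0), (7, 4, 11)),
    ((7, 5, 0), (7, 11, 6)),
    ((7, 12, 0), (7, 12, 5)),
]


def parse_version(text):
    """Turn '7.4.11' (or '7.4', or '7.12.5-rc1') into a (major, minor, patch) tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version):
    """True if the version lies inside any range the advisory lists as affected."""
    v = parse_version(version)
    return any(lo <= v < hi for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Map each host in a {host: version} inventory to 'AFFECTED' or 'not affected'."""
    return {host: ("AFFECTED" if is_affected(ver) else "not affected")
            for host, ver in inventory.items()}


# Constructed sample inventory; hostnames and versions are invented for illustration.
SAMPLE_INVENTORY = {
    "wiki-legacy.example.internal": "6.13.22",   # below the first fix version
    "wiki-a.example.internal": "6.13.23",        # fixed on the 6.13 branch
    "wiki-b.example.internal": "7.4.10",         # affected
    "wiki-c.example.internal": "7.4.11",         # fixed on the 7.4 branch
    "wiki-d.example.internal": "7.11.5",         # affected
    "wiki-e.example.internal": "7.12.4",         # affected
    "wiki-f.example.internal": "7.13.0",         # outside every listed range
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:32} {SAMPLE_INVENTORY[host]:>8}  {status}")
```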

4. Solutions

4.1 Remediation Solutions

4.1.1 Check the Component Version

The version information can be viewed at the bottom of the Atlassian homepage:

[Figure: Atlassian homepage, with the version number shown at the bottom of the page]

4.1.2 Atlassian Solution

Atlassian has released a new version to fix this vulnerability. Please download it from the following link: https://www.atlassian.com/software/confluence/download-archives

4.1.3 Workaround

Atlassian has released workarounds for Confluence Server or Data Center running on Linux- and Windows-based operating systems. Please find the workarounds under "Mitigations" at this link: https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html

These temporary solutions do not completely fix the issue. Users can decide whether to adopt the solution based on their business needs.

4.2 Sangfor Solutions

4.2.1 Active Detection

The following Sangfor products and services actively detect assets affected by the Atlassian Confluence Server Webwork OGNL injection vulnerability (CVE-2021-26084):

4.2.2 Security Monitoring

The following Sangfor products and services perform real-time monitoring of assets affected by the Atlassian Confluence Server Webwork OGNL injection vulnerability (CVE-2021-26084):

4.2.3 Security Protection

The following Sangfor products and services provide protection against the Atlassian Confluence Server Webwork OGNL injection vulnerability (CVE-2021-26084):

5. Timeline

On August 26, 2022, Sangfor FarSight Labs received a notice about the Atlassian Confluence Server Webwork OGNL injection vulnerability (CVE-2021-26084).

On August 26, 2022, Sangfor FarSight Labs released a vulnerability alert.

On September 20, 2021, Sangfor FarSight Labs successfully reproduced this vulnerability and released solutions.

6. Reference

https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html

https://nvd.nist.gov/vuln/detail/CVE-2021-26084

7. Learn More

Sangfor FarSight Labs researches the latest cyberthreats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyberthreats, providing fast and easy protection for customers.
