Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.

cvelist 1

githubexploit 36

prion 1

thn 11

rapid7blog 5

cisa 1

checkpoint_advisories 1

nuclei 1

nessus 2

atlassian 3

attackerkb 5

threatpost 3

nvd 1

zdt 3

trendmicroblog 3

cve 1

hackerone 2

akamaiblog 2

metasploit 1

packetstorm 3

exploitdb 1

impervablog 5

malwarebytes 4

hivepro 1

mssecure 2

mmpc 2

ics 4

avleonov 2

github 1

qualysblog 5

googleprojectzero 1

securelist 1

cvelist

CVE-2021-26084

2021-08-10 00:00:00

githubexploit

Exploit for Injection in Atlassian Confluence

2021-09-07 01:15:16

Exploit for Expression Language Injection in Atlassian Confluence Data Center

2023-07-03 07:31:29

Exploit for Injection in Atlassian Confluence Server

2021-09-01 12:36:52

prion

Code injection

2021-08-30 07:15:00

thn

U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw

2021-09-04 07:19:00

Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns

2021-09-28 15:31:00

Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server

2021-09-07 10:05:00

rapid7blog

Metasploit Wrap-Up

2021-10-22 14:25:55

Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084

2021-09-02 15:44:36

Metasploit Wrap-Up

2021-09-10 18:32:40

cisa

Atlassian Releases Security Updates for Confluence Server and Data Center

2021-09-03 00:00:00

checkpoint_advisories

Atlassian Confluence Remote Code Execution (CVE-2021-26084)

2021-09-05 00:00:00

nuclei

Confluence Server - Remote Code Execution

2021-08-31 20:40:27

nessus

Atlassian Confluence Server Webwork OGNL Injection (CVE-2021-26084)

2021-09-07 00:00:00

Atlassian Confluence < 6.13.23 / 6.14 < 7.4.11 / 7.5 < 7.11.6 / 7.12 < 7.12.5 Webwork OGNL Injection (CONFSERVER-67940)

2021-08-26 00:00:00

atlassian

Confluence Server Webwork OGNL injection - CVE-2021-26084

2021-07-27 05:13:48

RCE on Confluence Data Center via OGNL Injection - CVE-2021-39114

2021-08-27 03:55:57

Confluence Server Webwork OGNL injection - CVE-2021-26084

2021-07-27 05:13:48

attackerkb

CVE-2021-26084 Confluence Server OGNL injection

2021-08-10 00:00:00

CVE-2020-14883 — Authenticated RCE in Console component of Oracle WebLogic Server

2020-10-21 00:00:00

CVE-2020-14750 — Oracle WebLogic Remote Unauthenticated Remote Code Execution (RCE) Vulnerability

2020-11-02 00:00:00

threatpost

Log4JShell Used to Swarm VMware Servers with Miners, Backdoors

2022-03-29 20:33:08

Jenkins Hit as Atlassian Confluence Cyberattacks Widen

2021-09-07 16:07:58

Zoho ManageEngine Password Manager Zero-Day Gets Fix

2021-09-09 12:58:48

nvd

CVE-2021-26084

2021-08-30 07:15:06

zdt

Atlassian Confluence WebWork OGNL Injection Exploit

2021-09-10 00:00:00

Confluence Server 7.12.4 - (OGNL injection) Remote Code Execution Exploit

2021-09-01 00:00:00

Atlassian Confluence Namespace OGNL Injection Exploit

2022-06-09 00:00:00

trendmicroblog

Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage

2021-09-21 00:00:00

Tracking CVE-2021-26084 and Other Server-Based Vulnerability Exploits via Trend Micro Cloud One and Trend Micro Vision One

2021-10-18 00:00:00

Tracking CVE-2021-26084 and Other Server-Based Vulnerability Exploits via Trend Micro Cloud One and Trend Micro Vision One

2021-10-18 00:00:00

cve

CVE-2021-26084

2021-08-30 07:15:06

hackerone

U.S. Dept Of Defense: RCE on ███████ [CVE-2021-26084]

2021-09-02 02:58:10

U.S. Dept Of Defense: RCE in ███ [CVE-2021-26084]

2021-09-02 05:49:27

akamaiblog

Confluence Server Webwork OGNL Injection (CVE-2021-26084): How Akamai Helps You Protect Against Zero-Day Attacks

2021-09-15 07:00:00

Confluence Server Webwork OGNL Injection (CVE-2021-26084): How Akamai Helps You Protect Against Zero-Day Attacks

2021-09-15 07:00:00

metasploit

Atlassian Confluence WebWork OGNL Injection

2021-10-14 21:58:04

packetstorm

Atlassian Confluence WebWork OGNL Injection

2021-09-10 00:00:00

Confluence Server 7.12.4 OGNL Injection Remote Code Execution

2021-09-01 00:00:00

Atlassian Confluence Namespace OGNL Injection

2022-06-08 00:00:00

exploitdb

Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated)

2021-09-01 00:00:00

impervablog

2021 in Review, Part 2: 5 Top Cybersecurity Stories

2021-12-29 12:03:19

New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner

2024-03-20 16:56:29

Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery

2024-02-21 09:28:01

malwarebytes

Update now! Atlassian Confluence vulnerability is being actively exploited

2023-10-12 04:00:00

2022's most routinely exploited vulnerabilities—history repeats

2023-08-07 18:30:00

The top 5 most routinely exploited vulnerabilities of 2021

2022-04-29 16:28:20

hivepro

Cerber targeting organizations with publicly available exploits

2021-12-14 13:50:15

mssecure

Cadet Blizzard emerges as a novel and distinct Russian threat actor

2023-06-14 16:00:00

Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability

2021-12-12 05:29:03

mmpc

Cadet Blizzard emerges as a novel and distinct Russian threat actor

2023-06-14 16:00:00

Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability

2021-12-12 05:29:03

ics

People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action

2024-07-08 12:00:00

Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

2022-10-06 12:00:00

2021 Top Routinely Exploited Vulnerabilities

2022-04-28 12:00:00

avleonov

Security News: Microsoft Patch Tuesday September 2021, OMIGOD, MSHTML RCE, Confluence RCE, Ghostscript RCE, FORCEDENTRY Pegasus

2021-09-18 23:22:00

Joint Advisory AA22-279A and Vulristics

2022-10-21 20:10:13

github

Bypassing OGNL sandboxes for fun and charities

2023-01-27 16:00:49

qualysblog

Qualys Tackles 2022’s Top Routinely Exploited Cyber Vulnerabilities

2023-08-24 19:07:05

CISA Alert: Top 15 Routinely Exploited Vulnerabilities

2022-05-06 12:19:24

NSA Alert: Topmost CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

2022-10-07 20:03:01

googleprojectzero

2022 0-day In-the-Wild Exploitation…so far

2022-06-30 00:00:00

securelist

IT threat evolution in Q3 2021. PC statistics

2021-11-26 12:00:36

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.974

Percentile

99.9%

JSON

Related for CISA-KEV-CVE-2021-26084