CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.975 High
Percentile: 100.0%

This is an evolving storyline.
**Last update: June 4, 2022.**
On June 2, 2022, Atlassian published a security advisory regarding a CVE for versions of Confluence Server and Data Center applications greater than 1.3.0. The advisory details a critical-severity unauthenticated remote code execution vulnerability, identified as CVE-2022-26134. This Object-Graph Navigation Language (OGNL) injection allows an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance.
Atlassian has released a patch for CVE-2022-26134 and is recommending that all Confluence customers deploy this patch immediately to bring them up to the latest long-term version available. To track the latest information on this vulnerability, Confluence customers are advised to follow this Jira issue.
Imperva Cloud Web Application Firewall, WAF Gateway, and Runtime Protection (RASP) customers are fully protected from CVE-2022-26134 without requiring security rule changes. This protection was validated by the Imperva product team and Imperva Threat Research.
For Confluence users who haven't updated their software or cannot update to a long-term supported version at this time, Imperva offers a free trial of Cloud WAF that can be quickly deployed to protect vulnerable versions of Confluence.
**Imperva Threat Research Analysis of CVE-2022-26134**

Since the disclosure, Imperva Threat Research has monitored widespread scanning and attempted exploitation of this vulnerability. The uptick can be seen in our analysis below of the number of Java runtime injection attacks over the last 24 hours.
What Imperva Threat Research has observed:
**Try Imperva for Free**

Protect your business from vulnerabilities like CVE-2022-26134 and others for free for 30 days. Click here to start your free trial today.
The post Imperva Customers are protected from Atlassian Confluence CVE-2022-26134 appeared first on Blog.