Vendor and product: Atlassian Confluence Server and Data Center
This bug, impacting a range of Atlassian Confluence Sever and Data Center instances, is a OGNL injection vulnerability that enables attackers to execute arbitrary code on a Confluence Server or Data Center instance.
According to CISA, this bug became one of the most routinely exploited vulnerabilities after a proof-of-concept was released within a week of the flaw’s disclosure. Mass exploitation was observed in September 2021, just days after Atlassian published its advisory on Aug. 25.
Return To Article