Security News > 2022 > July > CISA warns of critical Confluence bug exploited in attacks
CISA has added a critical Confluence vulnerability tracked as CVE-2022-26138 to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation.
Today, CISA added the CVE-2022-26138 to its catalog of Known Exploited Vulnerabilities based on evidence of active exploitation.
Cybersecurity firm Rapid7 also published a report Wednesday warning the security flaw is now actively exploited in the wild but did not share any information on the attacks or indicators of compromise collected while investigating them.
Even though the BOD 22-01 directive only applies to US federal agencies, CISA also "Strongly urges" organizations across the country to fix this flaw to thwart attacks against vulnerable Confluence servers.
Since this directive was issued, CISA has added hundreds of security bugs to its catalog of bugs exploited in attacks, ordering federal agencies to patch vulnerable systems as soon as possible to prevent breaches.
Securing Confluence servers is particularly important given that they're attractive targets, as demonstrated by previous attacks with AvosLocker and Cerber2021 ransomware, Linux botnet malware, and crypto miners.
News URL
Related news
- CISA warns of critical Oracle, Mitel flaws exploited in attacks (source)
- CISA: No Wider Federal Impact from Treasury Cyber Attack, Investigation Ongoing (source)
- CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- CISA orders agencies to patch BeyondTrust bug exploited in attacks (source)
- CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks (source)
- Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-20 | CVE-2022-26138 | Use of Hard-coded Credentials vulnerability in Atlassian Questions for Confluence 2.7.34/2.7.35/3.0.2 The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. | 9.8 |