Security News > 2023 > October > CISA, FBI urge admins to patch Atlassian Confluence immediately

CISA, FBI urge admins to patch Atlassian Confluence immediately
2023-10-16 15:05

CISA, FBI, and MS-ISAC warned network admins today to immediately patch their Atlassian Confluence servers against a maximum severity flaw actively exploited in attacks.

On October 4, when it released security updates, Atlassian advised customers to upgrade their Confluence instances as soon as possible to one of the fixed versions as the bug was already exploited in the wild as a zero-day.

One week after CISA added the bug to its list of known exploited vulnerabilities, Microsoft revealed that a Chinese-backed threat group tracked as Storm-0062 has been exploiting the flaw as a zero-day since at least September 14, 2023.

Last year, CISA ordered federal agencies to address another critical Confluence vulnerability exploited in the wild.

Microsoft: State hackers exploiting Confluence zero-day since September.

Atlassian patches critical Confluence zero-day exploited in attacks.


News URL

https://www.bleepingcomputer.com/news/security/cisa-fbi-urge-admins-to-patch-atlassian-confluence-immediately/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Atlassian 58 56 275 59 36 426