Security News > 2024 > January > Atlassian Confluence Server RCE attacks underway from 600+ IPs

More than 600 IP addresses are launching thousands of exploit attempts against CVE-2023-22527 - a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server - according to non-profit security org Shadowserver.
The CVE scored a CVSS rating of 10 out of 10, and it affects Confluence Data Center and Server 8 versions released before December 5, 2023 and versions up to 8.4.5.
Atlassian hasn't updated its CVE-2023-22527 security advisory to indicate any instances of Confluence Server being under active exploitation.
The issue has already been corrected in a previous release of Confluence Server and Data Center.
Atlassian security may soon become even more challenged: on February 15th the Aussie software company ends support for its Server products, with vastly more expensive Datacenter products or a cloud migration the alternatives.
An Atlassian partner recently told The Register that forty percent of its clientele intends to continue using the unsupported products despite Atlassian insisting it won't provide patches.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/22/atlassian_confluence_server_rce/
Related news
- Samsung MagicINFO 9 Server RCE flaw now exploited in attacks (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- CentreStack RCE exploited as zero-day to breach file sharing servers (source)
- New BPFDoor Controller Enables Stealthy Lateral Movement in Linux Server Attacks (source)
- Active! Mail RCE flaw exploited in attacks on Japanese orgs (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Hitachi Vantara takes servers offline after Akira ransomware attack (source)
- Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-16 | CVE-2023-22527 | Injection vulnerability in Atlassian Confluence Data Center and Confluence Server A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. | 9.8 |