Threat Advisory

Atlassian Vulnerability CVE-2022-26134 Abused for More Critical Vulnerabilities

September 23, 2022 | By Accorian

On June 2nd, Atlassian released a security advisory for a critical remote code execution vulnerability that was discovered in Atlassian’s Confluence Server and Data Centre products. The vulnerability was rated a 9.8 CVSS score and was assigned CVE-2022-26134. Atlassian has already released a patch along with an advisory detailing the fixes necessary, on June 3rd. The threat actors are now leveraging the unpatched Atlassian Confluence servers to perform more malicious attacks like absolute Domain Takeover of the infrastructure, deployment of remote access trojans (RATs), information stealers, and ransomware. Installation of additional malicious payloads, including Kinsing, the Dark.IoT malware and unauthorized cryptocurrency mining are also observed recently. Accorian urges the users to prioritize patching this gap as soon as possible since it is easy to exploit it for other subsequent compromises. If it is not feasible to upgrade immediately, Atlassian has released several workarounds for different versions. The complete list can be found here.

Accorian can help identify this vulnerability in your environment. 

Source: CVE-2022-26134 Abused For More Critical Vulnerabilities | Atlassian

Threat Advisory Team 

Accorian

Recent Post

    Ready to Start?

    Shukla CPA, d.b.a Accorian Assurance is a licensed, certified public accounting firm registered with the American Institute of Pubic Accountants (AICPA) and the Public Company Accounting Oversight Board (PCAOB). Esha IT Corp d.b.a Accorian is a global leader in cybersecurity and compliance professional services.

    © 2023 Accorian. All Rights Reserved.

      Ready to Start?

      Download Case study

      Download SOC2 Guide

      Human Resources Director

      Posted On: 09 May, 2022

      Drop your CVs to joinourteam@accorian.com

        Interested Position
        First Name
        Last Name
        Email
        Total Experience
        Mobile Number
        Upload Resume