In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2021-26084 | Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability | secondary_impact | T1496 | Resource Hijacking |
Comments
CVE-2021-26084 is a critical vulnerability affecting Atlassian Confluence Server and Data Center that allows unauthenticated remote code execution. This Object-Graph Navigation Language (OGNL) injection vulnerability enables attackers to execute arbitrary code on vulnerable Confluence instances
References
|
| CVE-2021-26084 | Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
CVE-2021-26084 is a critical vulnerability affecting Atlassian Confluence Server and Data Center that allows unauthenticated remote code execution. This Object-Graph Navigation Language (OGNL) injection vulnerability enables attackers to execute arbitrary code on vulnerable Confluence instances
References
|