The remote Atlassian Confluence application running on the remote host is affected by an OGNL injection vulnerability that would allow an unauthenticated user to execute arbitrary code on a Confluence Server or Data Center instance by sending a specially crafted HTTP request.

Binary data confluence_cve_2021_26084.nbin

VendorProductVersionCPE
atlassianconfluencecpe:/a:atlassian:confluence

Vendor	Product	Version	CPE
atlassian	confluence		cpe:/a:atlassian:confluence

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26084

www.nessus.org/u?7cb62fdb

jira.atlassian.com/browse/CONFSERVER-67940

githubexploit 36

cvelist 1

thn 11

rapid7blog 5

prion 1

trendmicroblog 3

hackerone 2

nvd 1

zdt 3

cve 1

akamaiblog 2

attackerkb 5

cisa 1

nuclei 1

checkpoint_advisories 1

atlassian 3

nessus 1

cisa_kev 1

metasploit 1

packetstorm 3

impervablog 5

threatpost 3

exploitdb 1

hivepro 1

malwarebytes 4

mssecure 2

mmpc 2

github 1

avleonov 2

qualysblog 5

googleprojectzero 1

ics 3

securelist 1

githubexploit

Exploit for Expression Language Injection in Atlassian Confluence Data Center

2023-07-03 07:31:29

Exploit for Injection in Atlassian Confluence

2021-09-07 01:15:16

Exploit for Injection in Atlassian Confluence Server

2021-09-04 13:32:42

cvelist

CVE-2021-26084

2021-08-10 00:00:00

thn

U.S. Cyber Command Warns of Ongoing Attacks Exploiting Atlassian Confluence Flaw

2021-09-04 07:19:00

Atlassian Confluence RCE Flaw Abused in Multiple Cyberattack Campaigns

2021-09-28 15:31:00

Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server

2021-09-07 10:05:00

rapid7blog

Metasploit Wrap-Up

2021-10-22 14:25:55

Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084

2021-09-02 15:44:36

Metasploit Wrap-Up

2021-09-10 18:32:40

prion

Code injection

2021-08-30 07:15:00

trendmicroblog

Cryptominer z0Miner Uses Newly Discovered Vulnerability CVE-2021-26084 to Its Advantage

2021-09-21 00:00:00

Tracking CVE-2021-26084 and Other Server-Based Vulnerability Exploits via Trend Micro Cloud One and Trend Micro Vision One

2021-10-18 00:00:00

Tracking CVE-2021-26084 and Other Server-Based Vulnerability Exploits via Trend Micro Cloud One and Trend Micro Vision One

2021-10-18 00:00:00

hackerone

U.S. Dept Of Defense: RCE on ███████ [CVE-2021-26084]

2021-09-02 02:58:10

U.S. Dept Of Defense: RCE in ███ [CVE-2021-26084]

2021-09-02 05:49:27

nvd

CVE-2021-26084

2021-08-30 07:15:06

zdt

Confluence Server 7.12.4 - (OGNL injection) Remote Code Execution Exploit

2021-09-01 00:00:00

Atlassian Confluence WebWork OGNL Injection Exploit

2021-09-10 00:00:00

Atlassian Confluence Namespace OGNL Injection Exploit

2022-06-09 00:00:00

cve

CVE-2021-26084

2021-08-30 07:15:06

akamaiblog

Confluence Server Webwork OGNL Injection (CVE-2021-26084): How Akamai Helps You Protect Against Zero-Day Attacks

2021-09-15 07:00:00

Confluence Server Webwork OGNL Injection (CVE-2021-26084): How Akamai Helps You Protect Against Zero-Day Attacks

2021-09-15 07:00:00

attackerkb

CVE-2021-26084 Confluence Server OGNL injection

2021-08-10 00:00:00

CVE-2020-14883 — Authenticated RCE in Console component of Oracle WebLogic Server

2020-10-21 00:00:00

CVE-2020-14750 — Oracle WebLogic Remote Unauthenticated Remote Code Execution (RCE) Vulnerability

2020-11-02 00:00:00

cisa

Atlassian Releases Security Updates for Confluence Server and Data Center

2021-09-03 00:00:00

nuclei

Confluence Server - Remote Code Execution

2021-08-31 20:40:27

checkpoint_advisories

Atlassian Confluence Remote Code Execution (CVE-2021-26084)

2021-09-05 00:00:00

atlassian

Confluence Server Webwork OGNL injection - CVE-2021-26084

2021-07-27 05:13:48

RCE on Confluence Data Center via OGNL Injection - CVE-2021-39114

2021-08-27 03:55:57

Confluence Server Webwork OGNL injection - CVE-2021-26084

2021-07-27 05:13:48

nessus

Atlassian Confluence < 6.13.23 / 6.14 < 7.4.11 / 7.5 < 7.11.6 / 7.12 < 7.12.5 Webwork OGNL Injection (CONFSERVER-67940)

2021-08-26 00:00:00

cisa_kev

Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability

2021-11-03 00:00:00

metasploit

Atlassian Confluence WebWork OGNL Injection

2021-10-14 21:58:04

packetstorm

Confluence Server 7.12.4 OGNL Injection Remote Code Execution

2021-09-01 00:00:00

Atlassian Confluence WebWork OGNL Injection

2021-09-10 00:00:00

Atlassian Confluence Namespace OGNL Injection

2022-06-08 00:00:00

impervablog

2021 in Review, Part 2: 5 Top Cybersecurity Stories

2021-12-29 12:03:19

New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner

2024-03-20 16:56:29

Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery

2024-02-21 09:28:01

threatpost

Log4JShell Used to Swarm VMware Servers with Miners, Backdoors

2022-03-29 20:33:08

Jenkins Hit as Atlassian Confluence Cyberattacks Widen

2021-09-07 16:07:58

Zoho ManageEngine Password Manager Zero-Day Gets Fix

2021-09-09 12:58:48

exploitdb

Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated)

2021-09-01 00:00:00

hivepro

Cerber targeting organizations with publicly available exploits

2021-12-14 13:50:15

malwarebytes

Update now! Atlassian Confluence vulnerability is being actively exploited

2023-10-12 04:00:00

The top 5 most routinely exploited vulnerabilities of 2021

2022-04-29 16:28:20

2022's most routinely exploited vulnerabilities—history repeats

2023-08-07 18:30:00

mssecure

Cadet Blizzard emerges as a novel and distinct Russian threat actor

2023-06-14 16:00:00

Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability

2021-12-12 05:29:03

mmpc

Cadet Blizzard emerges as a novel and distinct Russian threat actor

2023-06-14 16:00:00

Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability

2021-12-12 05:29:03

github

Bypassing OGNL sandboxes for fun and charities

2023-01-27 16:00:49

avleonov

Security News: Microsoft Patch Tuesday September 2021, OMIGOD, MSHTML RCE, Confluence RCE, Ghostscript RCE, FORCEDENTRY Pegasus

2021-09-18 23:22:00

Joint Advisory AA22-279A and Vulristics

2022-10-21 20:10:13

qualysblog

Qualys Tackles 2022’s Top Routinely Exploited Cyber Vulnerabilities

2023-08-24 19:07:05

CISA Alert: Top 15 Routinely Exploited Vulnerabilities

2022-05-06 12:19:24

NSA Alert: Topmost CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

2022-10-07 20:03:01

googleprojectzero

2022 0-day In-the-Wild Exploitation…so far

2022-06-30 00:00:00

ics

Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

2022-10-06 12:00:00

2021 Top Routinely Exploited Vulnerabilities

2022-04-28 12:00:00

2022 Top Routinely Exploited Vulnerabilities

2023-08-03 12:00:00

securelist

IT threat evolution in Q3 2021. PC statistics

2021-11-26 12:00:36

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.974 High

EPSS

Percentile

100.0%

JSON

Related for CONFLUENCE_CVE_2021_26084.NBIN