CVE-2021-26084
CVE Published | 2021-08-30 |
---|---|
Related CWE(s) | CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') |
Related Vendor(s) | atlassian |
Related Product(s) | confluence_data_center, confluence_server |
Exploitation Reported (CISA KEV) | 2021-11-03 |
CVSS 3 Base Score | 9.8 (CRITICAL) |
CVSS 3 Attack Complexity | LOW |
CVSS 3 Attack Vector | NETWORK |

Affected versions of Confluence Server and Data Center contain an OGNL injection vulnerability that allows an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are those before 6.13.23, from 6.14.0 before 7.4.11, from 7.5.0 before 7.11.6, and from 7.12.0 before 7.12.5.