Atlassian Confluence OGNL RCE Vulnerability

Released: Jun 04, 2022


Severity: High

Platform: Confluence

Vendor: Atlassian

Type: Vulnerability

A critical vulnerability in Atlassian Confluence.

A critical 0-day vulnerability in Atlassian Confluence Data Center and Server is being actively exploited in the wild. The vulnerability is an Object Graph Navigation Language (OGNL) injection that allows an unauthenticated user to execute arbitrary code.

Common Vulnerabilities and Exposures

CVE-2022-26134

Background

The cybersecurity firm Volexity was responding to an incident and found that the attack leveraged a 0-day vulnerability in Atlassian Confluence Server.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


June 2, 2022: The vendor has released an advisory.


June 2, 2022: The Hacker News posted an article on Volexity's discovery of the 0-day.


June 3, 2022: The vendor has released their fix.

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • Vulnerability

  • IPS

  • Post-execution

DETECT
  • Threat Hunting

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Attack Surface Hardening

  • Vulnerability Management

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

