Software firm Atlassian released emergency patches for its popular Confluence Server and Data Center products after reports came to light late last week that attackers were exploiting an unpatched vulnerability in the wild. According to data from Cloudflare's web application firewall (WAF) service, the attacks started in late May.

The vulnerability, now tracked as CVE-2022-26134, is rated critical and allows unauthenticated attackers to gain remote code execution (RCE) on servers hosting the affected Confluence versions. The company urges customers to upgrade to the newly released versions 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4 and 7.18.1, depending on which release they use.

Update July 4: Despite the warning from Atlassian to upgrade, threat actors still see opportunity in the vulnerability, according to Akamai on June 28. Its researchers are seeing an average of 20,000 exploitation attempts a day, after a peak of 100,000 a day immediately after the vulnerability was reported. Akamai researchers predicted that this vulnerability will continue to be exploited "for at least the next couple of years."

The vulnerability is described as an Object-Graph Navigation Language (OGNL) injection, OGNL being an open-source expression language for getting and setting properties of Java objects. It offers a simpler way of achieving what can be done in Java itself and it is supported in many products.
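The fixed versions listed above can be turned into a quick inventory triage. The following is an added example, not code from Atlassian or from the article; the hostnames and installed versions are constructed, and it assumes that any build in a listed release line at or above the fixed build carries the patch, while release lines the article does not name are reported as unlisted rather than guessed.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) release line.
FIXED = {(7, 4): 17, (7, 13): 7, (7, 14): 3, (7, 15): 2,
         (7, 16): 4, (7, 17): 4, (7, 18): 1}

# major.minor.patch, with an optional leading "v" and an ignored suffix.
_VERSION = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[-.+].*)?\s*$")

def triage(version):
    """Classify one Confluence version string against the article's list.

    Returns 'patched', 'upgrade' (same release line, below the fixed build),
    'unlisted' (release line not named in the article; check the vendor
    advisory) or 'invalid' (not a major.minor.patch string).
    """
    m = _VERSION.match(version or "")
    if not m:
        return "invalid"
    # Compare as integers: as strings, "7.4.9" would sort above "7.4.17".
    major, minor, patch = (int(g) for g in m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unlisted"
    return "patched" if patch >= fixed_patch else "upgrade"

def triage_inventory(hosts):
    """Group {hostname: version} into {status: [hostnames]}, names sorted."""
    report = {}
    for host, version in hosts.items():
        report.setdefault(triage(version), []).append(host)
    return {status: sorted(names) for status, names in report.items()}

# Constructed inventory (hypothetical hostnames and versions).
SAMPLE = {
    "wiki-a.example": "7.13.7",
    "wiki-b.example": "7.13.6",
    "wiki-c.example": "7.4.17",
    "wiki-d.example": "7.18.0",
    "wiki-e.example": "7.12.5",
    "wiki-f.example": "unknown",
}

if __name__ == "__main__":
    for status, names in triage_inventory(SAMPLE).items():
        print(f"{status}: {', '.join(names)}")
```

Hosts reported as `unlisted` or `invalid` need a manual check against the vendor advisory, since the article gives no fixed build for them.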