Critical RCE breach in Confluence allows hackers to take control of vulnerable servers

Tomcat

Fix CVE-2024-21683 before criminals get to your network as well.

SonicWall discovered a vulnerability in Atlassian Confluence Data Center and Server that leads to remote code execution. The vulnerability was identified as CVE-2024-21683 and has a high CVSS score of 8.3 out of 10, which indicates a significant degree of danger.

To exploit the vulnerability, an attacker must have network access to the affected system and the rights to add new macro languages. The researchers explain that the attack is carried out by downloading a fake JavaScript file with malicious code through the Configure Code Macro function > Add A New Language.

In addition, a working PoC exploit already exists for the vulnerability, which makes it even more dangerous. Researchers strongly recommend that users update their systems to the latest versions to prevent possible attacks.

Atlassian Confluence is often targeted by cybercriminals, as the platform is widely used for corporate interaction, software development, and workflow management. It penetrates deep into organizations' network environments, which makes its vulnerabilities particularly attractive to attackers.
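Since the post says the vector is the administrative "Configure Code Macro > Add A New Language" action, a defender's first check while patching is whether anyone has used that action. The script below is an added example, not code from the post or from Atlassian: it scans JSON audit lines for that action and raises a higher-severity finding when the acting account is outside an allow-list. The event field names, the action string and the log lines are constructed assumptions; map them onto your own Confluence audit export before use.

```python
import json
from dataclasses import dataclass

# Assumed audit action string for "Configure Code Macro > Add A New Language";
# Confluence's real audit-log wording may differ, so treat this as a placeholder.
SUSPECT_ACTIONS = {"code macro language added"}

# Constructed allow-list: accounts that legitimately maintain macro configuration.
EXPECTED_ADMINS = {"conf-admin"}


@dataclass
class Finding:
    timestamp: str
    user: str
    language: str
    severity: str
    reason: str


def parse_event(line):
    """Return the event dict for one JSON audit line, or None if it is not JSON."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    return event if isinstance(event, dict) else None


def classify(event):
    """Decide whether a single audit event deserves a finding."""
    action = str(event.get("action", "")).strip().lower()
    if action not in SUSPECT_ACTIONS:
        return None
    user = str(event.get("user", "<unknown>"))
    language = str(event.get("language", "<unknown>"))
    if user not in EXPECTED_ADMINS:
        severity = "high"
        reason = "new code-macro language added by an account outside the admin allow-list"
    else:
        # Even an expected admin adding a language is worth a look while unpatched,
        # because the uploaded definition is what CVE-2024-21683 abuses.
        severity = "medium"
        reason = "new code-macro language added; review the uploaded definition"
    return Finding(str(event.get("timestamp", "")), user, language, severity, reason)


def scan(lines):
    """Run every line through the parser and classifier; non-JSON lines are skipped."""
    findings = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        finding = classify(event)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample log: three JSON audit events plus one plain-text line.
SAMPLE_LOG = [
    '{"timestamp": "2024-05-22T09:14:03Z", "user": "conf-admin", '
    '"action": "Code macro language added", "language": "terraform"}',
    '{"timestamp": "2024-05-22T09:20:41Z", "user": "alice", '
    '"action": "Page created", "space": "ENG"}',
    '{"timestamp": "2024-05-22T11:02:17Z", "user": "contractor7", '
    '"action": "Code macro language added", "language": "javascript"}',
    "May 22 11:02:18 confluence: plain-text line that is not an audit event",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity}] {f.timestamp} user={f.user} language={f.language}: {f.reason}")
```

On the constructed sample this reports one medium finding for conf-admin and one high finding for contractor7; the "Page created" event and the plain-text line are ignored. The allow-list is deliberately small: the post notes the attacker needs the right to add macro languages, so the set of accounts holding that right is exactly what should be reviewed and trimmed.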