CVE-2022-26134

Scores

EPSS Score: 0.9443

CVSS 4.0: 0.0

CVSS 3.x: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

Sources

nvd

CWEs

CWE-917

Related Vulnerabilities

Exploits

Exploit ID: CVE-2022-26134

Source: cisa

URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

Exploit ID: 50952

Source: exploitdb

URL: https://www.exploit-db.com/exploits/50952

Vulnerable Software

Type: Configuration

Vendor: atlassian

Product: confluence_data_center

Operating System: * * *

Trait:
{
  "cpe_match": [
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "7.4.17",
      "versionStartIncluding": "1.3",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "7.13.7",
      "versionStartIncluding": "7.13.0",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "7.14.3",
      "versionStartIncluding": "7.14.0",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "7.15.2",
      "versionStartIncluding": "7.15.0",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "7.16.4",
      "versionStartIncluding": "7.16.0",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence_data_center:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "7.17.4",
      "versionStartIncluding": "7.17.0",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence_data_center:7.18.0:*:*:*:*:*:*:*",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "7.4.17",
      "versionStartIncluding": "1.3",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "7.13.7",
      "versionStartIncluding": "7.13.0",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "7.14.3",
      "versionStartIncluding": "7.14.0",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "7.15.2",
      "versionStartIncluding": "7.15.0",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "7.16.4",
      "versionStartIncluding": "7.16.0",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence_server:*:*:*:*:*:*:*:*",
      "versionEndExcluding": "7.17.4",
      "versionStartIncluding": "7.17.0",
      "vulnerable": true
    },
    {
      "cpe23uri": "cpe:2.3:a:atlassian:confluence_server:7.18.0:*:*:*:*:*:*:*",
      "vulnerable": true
    }
  ],
  "operator": "OR"
}

Source: nvd

Type: Configuration

Vendor: atlassian

Product: confluence_server

Operating System: * * *

Trait: identical to the cpe_match configuration listed above for confluence_data_center.

Source: nvd