Attackers Massively Target Atlassian Confluence Vulnerability

June 17, 2022

More than 850 unique IP addresses have attempted to exploit a critical zero-day Atlassian’s Confluence vulnerability, barely a week after a security fix was released.

Confluence is a team workspace application that is used by approximately 75,000 customers. Most of Confluence’s work takes place in the cloud, which was not affected by the vulnerability.

The critical Object Graph Navigation Language (OGNL) vulnerability tracked as CVE-2022-26134 was disclosed in the on-premise versions of Confluence Server and Data Center. The flaw could let an attacker remotely execute code in Confluence Data Center and Server.

According to the GreyNoise researchers, the attacks appear to be quite targeted, as attackers appear to check IP addresses to make sure the IP is running Confluence before starting the attack. Some observed exploit activity includes generic reverse shells, payloads with obfuscation.

Researchers explain that the mass exploitation of the vulnerability may be due to several factors, including the ease of exploitation and valuable information stored in the Confluence database, including passwords, proprietary customer information and other confidential data.

The sources for this piece include an article in CIODIVE.

Top Stories

Related Articles

June 26, 2026 Ford Motor Co. turned to veteran engineers to tackle persistent vehicle quality problems after finding that artificial more...

June 26, 2026 Meta's chief technology officer says employee morale has fallen to one of the lowest levels in the more...

June 26, 2026 Memory chip maker Micron says it has signed 16 long-term strategic customer agreements that include price floors more...

June 26, 2026 IBM says it has developed the world's first functional sub-1 nanometre computer chip, marking what the company more...

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn