CVE-2021-26084

Vulnerability Profile Updated a month ago
CVE-2021-26084 is a critical vulnerability in Atlassian's Confluence software. The flaw, rooted in the software's design or implementation, was first exploited as a zero-day, before its public disclosure in June 2022. It allowed remote attackers to execute code on a Confluence Server via injection attacks, posing a significant threat to data security. This vulnerability is an iteration of a previous Confluence vulnerability that cyber actors exploited during 2022. CVE-2021-26084 was also used by Cerber ransomware (also known as CerberImposter) in attacks targeting Atlassian Confluence servers two years ago. The bug was previously exploited to install crypto-miners, highlighting the diverse malicious uses of this vulnerability. It was also part of a larger list of bugs discovered in 2021, including those affecting Microsoft Exchange and Apache's open-source software, which required a coordinated global mitigation effort throughout 2022. The group known as Gold Melody has been linked to multiple attacks exploiting various security flaws, including CVE-2021-26084; its history of exploiting vulnerabilities spans a range of software products from Oracle WebLogic to Apache Log4j. The CVE-2021-26084 vulnerability in Atlassian Confluence has therefore been a significant issue, leveraged by multiple cyber actors for various malicious activities.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Confluence
Vulnerability
Exploit
Atlassian
Log4j
Zero Day
Proxy
Apache
Chromium
Ransomware
Payload
Blizzard
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Lockbit | Unspecified | 1 | LockBit is a significant malware operation, first surfacing in September 2019 and becoming one of the most active ransomware groups by 2022. Operating under a Ransomware-as-a-Service (RaaS) model, LockBit recruited affiliates to execute attacks using its tools and infrastructure. From its first obse |
Associated Threat Actors
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Cadet Blizzard | Unspecified | 1 | Cadet Blizzard, a new Advanced Persistent Threat (APT) group linked to Russia's GRU military intelligence unit, has been identified by Microsoft researchers. Active since at least 2020, the group has seen some recent success in its operations. Cadet Blizzard has reportedly received support from at l |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| Log4Shell | Unspecified | 2 | Log4Shell, a critical vulnerability in the logging feature of the Java programming language, also known as Log4j, was publicly disclosed on December 9th. This software flaw affected millions of devices and applications globally, including those in Estonia. The vulnerability, officially designated as |
| Follina | Unspecified | 2 | Follina, also known as CVE-2022-30190, is a notable software vulnerability that was discovered and exploited in the first half of 2022. This flaw, found in the Microsoft Windows Support Diagnostic Tool (MSDT), was weaponized by TA413, a cyber threat actor group with suspected ties to China. The grou |
| Proxyshell | Unspecified | 2 | ProxyShell is a chain of three vulnerabilities (tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) that affect Microsoft Exchange email servers. These vulnerabilities allow unauthenticated attackers to gain administrator access and execute remote code on unpatched servers. Discovered in |
| CVE-2021-44228 | Unspecified | 1 | CVE-2021-44228, also known as Log4Shell, is a critical vulnerability in the Apache Log4j software library that has been widely exploited since its discovery. This flaw in software design or implementation allows for remote code execution, making it a prime target for malicious actors. Despite multip |
| CVE-2021-26085 | Unspecified | 1 | None |
| CVE-2021-31207 | Unspecified | 1 | None |
| Proxyshell Cve-2021-34473 | Unspecified | 1 | ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) is a set of three chained vulnerabilities that perform unauthenticated remote code execution (RCE) in Microsoft Exchange. Identified as a significant flaw in software design or implementation, it allows unauthorized users to execute arbitra |
| CVE-2017-7504 | Unspecified | 1 | CVE-2017-7504 is a significant software vulnerability identified in the JBoss MQ Java Message Service (JMS). This flaw, rooted in software design and implementation, allows for deserialization attacks when exploited on an internet-exposed server. The vulnerability has been abused by malicious actors |
| CVE-2020-14882 | Unspecified | 1 | None |
| CVE-2021-35464 | Unspecified | 1 | None |
| CVE-2019-19781 | Unspecified | 1 | CVE-2019-19781, also known as the Citrix Directory Traversal Bug, is a software vulnerability that lies in the design or implementation of the software. This flaw allows an attacker to potentially gain unauthorized access to sensitive data or even execute arbitrary code on the compromised system. De |
| CVE-2021-22205 | Unspecified | 1 | CVE-2021-22205 is a significant vulnerability in GitLab, a flaw in software design or implementation that allows for remote code execution. This vulnerability has been assigned the highest severity score (CVSS score: 10.0) due to its potential impact. The bug, which is now two years old, continues t |
| CVE-2020-14750 | Unspecified | 1 | None |
| CVE-2021-22941 | Unspecified | 1 | CVE-2021-22941 is a significant software vulnerability identified in Citrix ShareFile, which allows for remote code execution (RCE). This flaw was exploited by the threat actor group known as GOLD MELODY, also referred to as PROPHET SPIDER. The group has been linked to various attacks exploiting sec |
| Proxynotshell | Unspecified | 1 | ProxyNotShell is a software vulnerability, specifically a flaw in the design or implementation of Microsoft Exchange Server. It was first identified and exploited through CVE-2022-41082, as reported by Palo Alto Networks' Unit 42. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint t |
| CVE-2021-34523 | Unspecified | 1 | None |
| CVE-2022-26134 | Unspecified | 1 | CVE-2022-26134 is a critical software vulnerability that was discovered in Atlassian Confluence Server and Data Center. This flaw, which allows for remote code execution (RCE), was publicly disclosed by Atlassian in June 2022. The Cybersecurity and Infrastructure Security Agency (CISA) recognized th |
| CVE-2021-34473 | Unspecified | 1 | CVE-2021-34473 is a significant software vulnerability that was discovered in Microsoft Exchange Server. This flaw, along with two others (CVE-2021-31207 and CVE-2021-34523), forms a chain of vulnerabilities known as ProxyShell. These vulnerabilities can be exploited together by remote attackers to |
Source Document References
Information about the CVE-2021-26084 vulnerability was read from the documents corpus below. This display is limited to 20 results.
| Source | Created At | Title |
|---|---|---|
| CISA | a year ago | Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors \| CISA |
| SANS ISC | a year ago | InfoSec Handlers Diary Blog - SANS Internet Storm Center |
| Malwarebytes | 8 months ago | Update now! Atlassian Confluence vulnerability is being actively exploited |
| Malwarebytes | 10 months ago | 2022's most routinely exploited vulnerabilities—history repeats |
| CERT-EU | 10 months ago | Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities |
| BankInfoSecurity | 10 months ago | Patching Conundrum: 5-Year Old Flaw Again Tops Most-Hit List |
| CERT-EU | 10 months ago | Unmasking the top exploited vulnerabilities of 2022 – GIXtools |
| CISA | a year ago | Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors \| CISA |
| BankInfoSecurity | 10 months ago | Patching Conundrum: 4-Year Old Flaw Again Tops Most-Hit List |
| CERT-EU | 9 months ago | Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers |
| CERT-EU | 10 months ago | CISA Advisory of Top 42 Frequently Exploited Flaws of 2022 |
| CERT-EU | 4 months ago | Sensor Intel Series: Top CVEs in December 2023 |
| Securityaffairs | 10 months ago | CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022 |
| CERT-EU | a year ago | Sensor Intel Series: Top CVEs in February 2023 \| F5 Labs |
| CERT-EU | a year ago | Sensor Intel Series: Top CVEs in April 2023 \| F5 Labs |
| CERT-EU | 9 months ago | Qualys Top 20 Exploited Vulnerabilities \| Qualys Security Blog |
| CERT-EU | 10 months ago | Most exploited cyber vulnerabilities of 2022 revealed |
| CISA | 10 months ago | 2022 Top Routinely Exploited Vulnerabilities \| CISA |
| CERT-EU | 10 months ago | FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022 |
| CERT-EU | 7 months ago | Sensor Intel Series: Top CVEs in October 2023 |