CVE-2021-26084

Vulnerability updated 7 months ago (2024-05-04T19:25:38.023Z)
CVE-2021-26084 is a critical vulnerability related to Atlassian's Confluence software. The flaw in the software design or implementation was first exploited as a zero-day, before its public disclosure in June 2022. It allowed remote attackers to execute code on a Confluence Server via injection attacks, posing a significant threat to data security. This vulnerability is an iteration of a previous Confluence vulnerability that cyber actors exploited during 2022.

In addition to this, CVE-2021-26084 was also utilized by Cerber ransomware (also known as CerberImposter) in attacks targeting Atlassian Confluence servers two years ago. The bug was previously exploited to install crypto-miners, highlighting the diverse malicious uses of this vulnerability. Furthermore, this vulnerability was part of a larger list of bugs discovered in 2021, including those affecting Microsoft Exchange and Apache's open-source software, which required a coordinated global mitigation effort throughout 2022.

The group known as Gold Melody has been linked to multiple attacks exploiting various security flaws, including CVE-2021-26084. Their history of exploiting vulnerabilities spans across a range of software products from Oracle WebLogic to Apache Log4j. Therefore, it is evident that the CVE-2021-26084 vulnerability in Atlassian Confluence has been a significant issue, leveraged by multiple cyber actors for various malicious activities.
Description last updated: 2024-05-04T18:38:50.764Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Confluence
Vulnerability
Exploit
Atlassian
Associated Threat Actors
Alias Description | Association Type | Votes
The APT40 Threat Actor is associated with CVE-2021-26084. APT40, a threat actor attributed to China, is a cyber espionage group that primarily targets countries of strategic importance to the Belt and Road Initiative. The group is known for its use of a variety of attack vectors, notably spear-phishing emails posing as individuals likely to be of interest | Unspecified | 2
Associated Vulnerabilities
Alias Description | Association Type | Votes
The CVE-2021-31207 Vulnerability is associated with CVE-2021-26084. CVE-2021-31207 is a significant software vulnerability that has been exploited by APT40, a group known for rapidly taking advantage of newly public vulnerabilities in widely used software. This particular vulnerability affects Atlassian Confluence and Microsoft Exchange, among other platforms, and a | Unspecified | 3
The CVE-2021-44228 Vulnerability is associated with CVE-2021-26084. CVE-2021-44228, also known as the Log4Shell vulnerability, is a significant flaw in Apache's Log4j software. Disclosed in December 2021, it quickly became one of the most severe bugs due to its widespread usage and potential for exploitation. Various Advanced Persistent Threat (APT) actors attempted | Unspecified | 3
The Follina Vulnerability is associated with CVE-2021-26084. Follina (CVE-2022-30190) is a software vulnerability that was discovered and exploited in the first half of 2022. It was weaponized by TA413, a malicious entity known for its cyber attacks, shortly after its discovery and publication. The vulnerability was used to target the Sophos Firewall product, | Unspecified | 2
The Log4Shell Vulnerability is associated with CVE-2021-26084. Log4Shell is a significant software vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) that exists in the Log4j Java-based logging utility. It was exploited by various Advanced Persistent Threat (APT) actors, including LockBit affiliates and GOLD MELODY (UNC961), to gain unauthorized | Unspecified | 2
The Proxyshell Vulnerability is associated with CVE-2021-26084. ProxyShell is a vulnerability that affects Microsoft Exchange email servers, posing a significant risk to organizations worldwide. This flaw in software design or implementation allows attackers to exploit the system and gain unauthorized access. Since early 2021, Iranian government-sponsored APT ac | Unspecified | 2
Source Document References
Information about the CVE-2021-26084 Vulnerability was read from the documents corpus below.
Source | Created At
CISA | 3 months ago
CISA | 9 days ago
Securityaffairs | 4 months ago
CISA | 5 months ago
CERT-EU | 9 months ago
CERT-EU | a year ago
CERT-EU | a year ago
Malwarebytes | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
Malwarebytes | a year ago
CERT-EU | a year ago
BankInfoSecurity | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
BankInfoSecurity | a year ago
Securityaffairs | a year ago