CVE-2021-26084

Vulnerability updated 4 months ago (2024-05-04T19:25:38.023Z)
CVE-2021-26084 is a critical vulnerability in Atlassian's Confluence software. The flaw was first exploited as a zero-day, before its public disclosure in June 2022. It allowed remote attackers to execute code on a Confluence Server via injection attacks, posing a significant threat to data security. This vulnerability is an iteration of a previous Confluence vulnerability that cyber actors exploited during 2022. CVE-2021-26084 was also used by Cerber ransomware (also known as CerberImposter) in attacks targeting Atlassian Confluence servers two years ago. The bug was previously exploited to install crypto-miners, highlighting the diverse malicious uses of this vulnerability. It was also part of a larger list of bugs discovered in 2021, including those affecting Microsoft Exchange and Apache's open-source software, which required a coordinated global mitigation effort throughout 2022. The group known as Gold Melody has been linked to multiple attacks exploiting various security flaws, including CVE-2021-26084; its history of exploiting vulnerabilities spans a range of software products from Oracle WebLogic to Apache Log4j. In short, the CVE-2021-26084 vulnerability in Atlassian Confluence has been a significant issue, leveraged by multiple cyber actors for various malicious activities.
Description last updated: 2024-05-04T18:38:50.764Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Confluence
Vulnerability
Exploit
Atlassian
Associated Threat Actors
ID | Type | Votes | Profile Description
APT40 | Unspecified | 2 | APT40 is a China-attributed cyber espionage group known for targeting countries strategically significant to the Belt and Road Initiative. The group has been linked to at least 51 different code families, exhibiting a broad range of capabilities. APT40 typically employs spear-phishing emails, often
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2021-31207 | Unspecified | 3 | CVE-2021-31207 is a significant software vulnerability that has been exploited by APT40, a group known for rapidly taking advantage of newly public vulnerabilities in widely used software. This particular vulnerability affects Atlassian Confluence and Microsoft Exchange, among other platforms, and a
CVE-2021-44228 | Unspecified | 3 | CVE-2021-44228, also known as the Log4Shell vulnerability, is a significant flaw in Apache's Log4j software. Disclosed in December 2021, it quickly became one of the most severe bugs due to its widespread usage and potential for exploitation. Various Advanced Persistent Threat (APT) actors attempted
Follina | Unspecified | 2 | Follina, also known as CVE-2022-30190, is a notable software vulnerability that was discovered and exploited in the first half of 2022. This flaw, found in the Microsoft Windows Support Diagnostic Tool (MSDT), was weaponized by TA413, a cyber threat actor group with suspected ties to China. The grou
Log4Shell | Unspecified | 2 | Log4Shell is a significant software vulnerability that exists within the Log4j Java-based logging utility. The vulnerability, officially designated as CVE-2021-44228, allows potential attackers to execute arbitrary code on targeted systems. Advanced Persistent Threat (APT) actors, including LockBit
Proxyshell | Unspecified | 2 | ProxyShell is a series of vulnerabilities affecting Microsoft Exchange email servers. These flaws in software design or implementation have been exploited by threat actors to gain unauthorized access and control over targeted systems. The ProxyShell vulnerability, officially tracked as CVE-2021-3447
Source Document References
Information about the CVE-2021-26084 vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source Link | Created At | Title
Securityaffairs | 2 months ago | Cybersecurity agencies warn of China-linked APT40 's capabilities
CISA | 2 months ago | People’s Republic of China (PRC) Ministry of State Security APT40 Tradecraft in Action | CISA
CERT-EU | 7 months ago | Sensor Intel Series: Top CVEs in December 2023
CERT-EU | 9 months ago | Sensor Intel Series: Top CVEs in October 2023
CERT-EU | 10 months ago | Critical Atlassian Confluence bug exploited in Cerber ransomware attacks
Malwarebytes | a year ago | Update now! Atlassian Confluence vulnerability is being actively exploited
CERT-EU | a year ago | Sensor Intel Series: Top CVEs in August 2023 | F5 Labs
CERT-EU | a year ago | Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers
CERT-EU | a year ago | Qualys Top 20 Exploited Vulnerabilities | Qualys Security Blog
Malwarebytes | a year ago | 2022's most routinely exploited vulnerabilities—history repeats
CERT-EU | a year ago | Unmasking the top exploited vulnerabilities of 2022 – GIXtools
BankInfoSecurity | a year ago | Patching Conundrum: 5-Year Old Flaw Again Tops Most-Hit List
CERT-EU | a year ago | Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities
CERT-EU | a year ago | FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022
CERT-EU | a year ago | Most exploited cyber vulnerabilities of 2022 revealed
CERT-EU | a year ago | CISA Advisory of Top 42 Frequently Exploited Flaws of 2022
BankInfoSecurity | a year ago | Patching Conundrum: 4-Year Old Flaw Again Tops Most-Hit List
Securityaffairs | a year ago | CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022
CERT-EU | a year ago | Old vulnerabilities, major vendors dominate list of most-exploited flaws of 2022
CERT-EU | a year ago | FBI, CISA, and NSA reveal top exploited vulnerabilities of 2022