CVE-2022-26134

Vulnerability Profile Updated 3 months ago
CVE-2022-26134 is a critical remote code execution (RCE) vulnerability in Atlassian Confluence Server and Data Center, publicly disclosed by Atlassian in June 2022. The Cybersecurity and Infrastructure Security Agency (CISA) recognized its severity and added it to the Known Exploited Vulnerabilities catalog shortly after disclosure. The Peach Sandstorm Advanced Persistent Threat (APT) group has been observed attempting to exploit this vulnerability, among others, to gain initial access to targeted environments. The group has used CVE-2022-26134 as part of its ongoing campaign, exploiting it alongside other known vulnerabilities such as CVE-2022-47966, which affects Zoho ManageEngine products. For this group, RCE exploitation has served as an alternative to password spraying, allowing it to compromise vulnerable applications remotely. Described as the second most exploited vulnerability, CVE-2022-26134 has had a significant impact: it has been used not only by Peach Sandstorm but also by other threat actors, including North Korea's Lazarus Group and an unknown group that targeted a U.S. aeronautical organization. The widespread exploitation of CVE-2022-26134 underscores the importance of timely patching and of keeping security measures up to date.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Exploit
Confluence
Atlassian
exploited
Manageengine
Remote Code ...
RCE (Remote ...
Zero Day
Apt
Chromium
Associated Malware
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Peach Sandstorm | has used | 3 | Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, and REFINED KITTEN, is a threat actor group believed to be linked to the Iranian nation-state. The group has been active since at least 2013 and has previously targeted sectors such as aerospace and energy for espionag
Lazarus Group | Unspecified | 1 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large-
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2022-47966 | Unspecified | 3 | CVE-2022-47966 is a critical vulnerability discovered in Zoho ManageEngine ServiceDesk Plus, a widely used IT management software. The flaw was exploited by malicious actors to gain unauthorized access to the organization's systems and networks. The exploitation started just five days after proof-of
Log4Shell | Unspecified | 2 | Log4Shell is a software vulnerability, specifically a flaw in the design or implementation of the popular Java logging library, Log4j. Identified as CVE-2021-44228, this vulnerability allows an attacker to remotely execute arbitrary code, often leading to full system compromise. Advanced Persistent
ProxyShell | Unspecified | 2 | ProxyShell is a critical vulnerability affecting Microsoft Exchange email servers. Identified as CVE-2021-34473, it is a flaw in software design or implementation that can be exploited by attackers to gain unauthorized access to systems. The vulnerability was actively exploited by threat actors, cau
CVE-2020-8515 | Unspecified | 2 | None
Follina | Unspecified | 2 | Follina, also known as CVE-2022-30190, is a notable software vulnerability that was discovered and exploited in the first half of 2022. This flaw, found in the Microsoft Windows Support Diagnostic Tool (MSDT), was weaponized by TA413, a cyber threat actor group with suspected ties to China. The grou
CVE-2021-26084 | Unspecified | 1 | CVE-2021-26084 is a critical vulnerability related to Atlassian's Confluence software. The flaw in the software design or implementation was first exploited as a zero-day, before its public disclosure in June 2022. It allowed remote attackers to execute code on a Confluence Server via injection atta
CVE-2022-36267 | Unspecified | 1 | None
CVE-2019-15107 | Unspecified | 1 | None
CVE-2022-4257 | Unspecified | 1 | None
CVE-2012-4869 | Unspecified | 1 | None
CVE-2020-15415 | Unspecified | 1 | None
CVE-2021-26085 | Unspecified | 1 | None
CVE-2022-24682 | Unspecified | 1 | None
ProxyNotShell | Unspecified | 1 | ProxyNotShell is a software vulnerability, specifically a flaw in the design or implementation of Microsoft Exchange Server. It was first identified and exploited through CVE-2022-41082, as reported by Palo Alto Networks' Unit 42. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint t
Source Document References
Information about the CVE-2022-26134 vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source | Created | Title
CERT-EU | 5 months ago | Misconfigured cloud servers subjected to new Linux malware attack
DARKReading | 5 months ago | Cloud-y Linux Malware Rains on Apache, Docker, Redis & Confluence
InfoSecurity-magazine | 5 months ago | Linux Malware Targets Docker, Apache Hadoop, Redis and Confluence
CERT-EU | 5 months ago | New Linux Malware Alert: 'Spinning YARN' Hits Docker, other Key Apps
SANS ISC | 5 months ago | Scanning for Confluence CVE-2022-26134 - SANS Internet Storm Center
CERT-EU | 5 months ago | Sensor Intel Series: Top CVEs in December 2023
CERT-EU | 6 months ago | Atlassian reveals critical Confluence RCE flaw, urges "immediate action" (CVE-2023-22527) - Help Net Security
InfoSecurity-magazine | 9 months ago | Atlassian Finds Public Exploit for Critical Bug
CERT-EU | 9 months ago | Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518) - Help Net Security
BankInfoSecurity | 10 months ago | Attackers Exploiting Atlassian Confluence Software Zero-Day
CERT-EU | 10 months ago | Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit
Securityaffairs | 10 months ago | Atlassian Confluence zero-day CVE-2023-22515 actively exploited
CERT-EU | 10 months ago | Detecting zero-days before zero-day - GIXtools
CERT-EU | 10 months ago | Iranian Hackers Attack Thousands of Organizations Using Password Spraying
Securityaffairs | 10 months ago | Iranian Peach Sandstorm group behind recent password spray attacks - Security Affairs
DARKReading | 10 months ago | Microsoft: 'Peach Sandstorm' Cyberattacks Target Defense, Pharmaceutical Orgs
CERT-EU | 10 months ago | Global password spray attacks target thousands of organizations
CERT-EU | 10 months ago | Iranian Threat Group Hits Thousands With Password Spray Campaign
CERT-EU | 10 months ago | Cyber Security Week in Review: September 15, 2023
CERT-EU | 10 months ago | Iranian Nation-State Actors Employ Password Spray Attacks Targeting Multiple Sectors