CVE-2022-26134

Vulnerability updated 23 days ago (2024-11-29T13:37:07.977Z)
Download STIX
Preview STIX
CVE-2022-26134 is a critical software vulnerability that was discovered in Atlassian Confluence Server and Data Center. This flaw, which allows for remote code execution (RCE), was publicly disclosed by Atlassian in June 2022. The Cybersecurity and Infrastructure Security Agency (CISA) recognized the severity of this vulnerability and added it to their catalog of known exploited vulnerabilities shortly after its disclosure. The Peach Sandstorm Advanced Persistent Threat (APT) group has been observed attempting to exploit this vulnerability, among others, in order to gain initial access to targeted environments. The group has used CVE-2022-26134 as part of its ongoing campaign, exploiting it alongside other known vulnerabilities such as CVE-2022-47966, which affects Zoho ManageEngine products. These RCE vulnerabilities have been used as an alternate attack method to password spraying, allowing the group to remotely exploit vulnerable applications. This vulnerability, being the second most exploited, has had significant impacts on cybersecurity. It has been used not only by the Peach Sandstorm APT but also by other threat actors, including North Korea's Lazarus Group and an unknown group that targeted a U.S. aeronautical organization. The widespread exploitation of CVE-2022-26134 underscores the importance of timely patching and maintaining up-to-date security measures to protect against such threats.
Description last updated: 2024-05-04T16:22:48.549Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Confluence
Exploit
Atlassian
exploited
Manageengine
Remote Code ...
RCE (Remote ...
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Peach Sandstorm Threat Actor is associated with CVE-2022-26134. Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, or REFINED KITTEN, is a threat actor linked to the Iranian Islamic Revolutionary Guard Corps (IRGC). Active since at least 2013, this espionage group has primarily targeted aerospace and energy sectors, alongside goverhas used
3
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2022-47966 Vulnerability is associated with CVE-2022-26134. CVE-2022-47966 is a critical vulnerability discovered in Zoho ManageEngine ServiceDesk Plus, a widely used IT management software. The flaw was exploited by malicious actors to gain unauthorized access to the organization's systems and networks. The exploitation started just five days after proof-ofUnspecified
3
The Follina Vulnerability is associated with CVE-2022-26134. Follina (CVE-2022-30190) is a software vulnerability that was discovered and exploited in the first half of 2022. It was weaponized by TA413, a malicious entity known for its cyber attacks, shortly after its discovery and publication. The vulnerability was used to target the Sophos Firewall product,Unspecified
2
The vulnerability CVE-2020-8515 is associated with CVE-2022-26134. Unspecified
2
The Log4Shell Vulnerability is associated with CVE-2022-26134. Log4Shell is a significant software vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) that exists in the Log4j Java-based logging utility. It was exploited by various Advanced Persistent Threat (APT) actors, including LockBit affiliates and GOLD MELODY (UNC961), to gain unauthorizedUnspecified
2
The Proxyshell Vulnerability is associated with CVE-2022-26134. ProxyShell is a vulnerability that affects Microsoft Exchange email servers, posing a significant risk to organizations worldwide. This flaw in software design or implementation allows attackers to exploit the system and gain unauthorized access. Since early 2021, Iranian government-sponsored APT acUnspecified
2
Source Document References
Information about the CVE-2022-26134 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CISA
4 months ago
CISA
a month ago
CERT-EU
10 months ago
DARKReading
10 months ago
InfoSecurity-magazine
10 months ago
CERT-EU
10 months ago
SANS ISC
10 months ago
CERT-EU
10 months ago
CERT-EU
a year ago
InfoSecurity-magazine
a year ago
CERT-EU
a year ago
BankInfoSecurity
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
DARKReading
a year ago
CERT-EU
a year ago
CERT-EU
a year ago