CVE-2022-26134

Vulnerability Profile Updated 2 months ago
CVE-2022-26134 is a critical software vulnerability in Atlassian Confluence Server and Data Center that allows remote code execution (RCE). Atlassian publicly disclosed it in June 2022. The Cybersecurity and Infrastructure Security Agency (CISA) recognized the severity of this vulnerability and added it to its catalog of known exploited vulnerabilities shortly after its disclosure.

The Peach Sandstorm Advanced Persistent Threat (APT) group has been observed attempting to exploit this vulnerability, among others, to gain initial access to targeted environments. The group has used CVE-2022-26134 as part of its ongoing campaign, alongside other known vulnerabilities such as CVE-2022-47966, which affects Zoho ManageEngine products. The group has used these RCE vulnerabilities as an alternative to password spraying, exploiting vulnerable applications remotely.

This vulnerability, being the second most exploited, has had significant impacts on cybersecurity. It has been used not only by the Peach Sandstorm APT but also by other threat actors, including North Korea's Lazarus Group and an unknown group that targeted a U.S. aeronautical organization. The widespread exploitation of CVE-2022-26134 underscores the importance of timely patching and maintaining up-to-date security measures to protect against such threats.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Exploit
Confluence
Atlassian
exploited
Manageengine
Remote Code ...
RCE (Remote ...
Zero Day
Apt
Chromium
Associated Malware
No associations to display
Associated Threat Actors
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| Peach Sandstorm | has used | 3 | Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, and REFINED KITTEN, is a threat actor group believed to be linked to the Iranian nation-state. The group has been active since at least 2013 and has previously targeted sectors such as aerospace and energy for espionag |
| Lazarus Group | Unspecified | 1 | The Lazarus Group, a notorious threat actor attributed to North Korea, has been linked to numerous high-profile cyberattacks worldwide. This group is known for its sophisticated techniques and exploits, including the largest decentralized finance exploit in history, the Ronin exploit of March 2022, |
Associated Vulnerabilities
| ID | Type | Votes | Profile Description |
| --- | --- | --- | --- |
| CVE-2022-47966 | Unspecified | 3 | CVE-2022-47966 is a critical vulnerability discovered in Zoho ManageEngine ServiceDesk Plus, a widely used IT management software. The flaw was exploited by malicious actors to gain unauthorized access to the organization's systems and networks. The exploitation started just five days after proof-of |
| Log4Shell | Unspecified | 2 | Log4Shell is a critical software vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) in the logging feature of the Java programming language, known as Log4j. This flaw was publicly disclosed on December 9, 2021, impacting millions of devices and applications globally, including those |
| Proxyshell | Unspecified | 2 | ProxyShell is a chain of three vulnerabilities (tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207) that affect Microsoft Exchange email servers. These vulnerabilities allow unauthenticated attackers to gain administrator access and execute remote code on unpatched servers. Discovered in |
| CVE-2020-8515 | Unspecified | 2 | None |
| Follina | Unspecified | 2 | Follina, also known as CVE-2022-30190, is a notable software vulnerability that was discovered and exploited in the first half of 2022. This flaw, found in the Microsoft Windows Support Diagnostic Tool (MSDT), was weaponized by TA413, a cyber threat actor group with suspected ties to China. The grou |
| CVE-2021-26084 | Unspecified | 1 | CVE-2021-26084 is a critical vulnerability related to Atlassian's Confluence software. The flaw in the software design or implementation was first exploited as a zero-day, before its public disclosure in June 2022. It allowed remote attackers to execute code on a Confluence Server via injection atta |
| CVE-2022-36267 | Unspecified | 1 | None |
| CVE-2019-15107 | Unspecified | 1 | None |
| CVE-2022-4257 | Unspecified | 1 | None |
| CVE-2012-4869 | Unspecified | 1 | None |
| CVE-2020-15415 | Unspecified | 1 | None |
| CVE-2021-26085 | Unspecified | 1 | None |
| CVE-2022-24682 | Unspecified | 1 | None |
| Proxynotshell | Unspecified | 1 | ProxyNotShell is a software vulnerability, specifically a flaw in the design or implementation of Microsoft Exchange Server. It was first identified and exploited through CVE-2022-41082, as reported by Palo Alto Networks' Unit 42. The ProxyNotShell exploit method leveraged an AutoDiscover endpoint t |
Source Document References
Information about the CVE-2022-26134 vulnerability was read from the document corpus below. This display is limited to 20 results.
| Source | Created At | Title |
| --- | --- | --- |
| Malwarebytes | 10 months ago | 2022's most routinely exploited vulnerabilities—history repeats |
| Securityaffairs | a year ago | 2022 Zero-Day exploitation continues at a worrisome pace |
| CERT-EU | a year ago | Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities |
| InfoSecurity-magazine | a year ago | CVEs Surge By 25% in 2022 to Another Record High |
| CERT-EU | 9 months ago | Detecting zero-days before zero-day – GIXtools |
| BankInfoSecurity | a year ago | Patching Conundrum: 5-Year Old Flaw Again Tops Most-Hit List |
| SecurityIntelligence.com | 10 months ago | X-Force releases detection & response framework for managed file transfer software |
| DARKReading | 9 months ago | Microsoft: 'Peach Sandstorm' Cyberattacks Target Defense, Pharmaceutical Orgs |
| CERT-EU | a year ago | Unmasking the top exploited vulnerabilities of 2022 – GIXtools |
| CERT-EU | 4 months ago | Misconfigured cloud servers subjected to new Linux malware attack |
| CERT-EU | 4 months ago | New Linux Malware Alert: 'Spinning YARN' Hits Docker, other Key Apps |
| CISA | a year ago | Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors \| CISA |
| BankInfoSecurity | a year ago | Patching Conundrum: 4-Year Old Flaw Again Tops Most-Hit List |
| CERT-EU | a year ago | CISA Advisory of Top 42 Frequently Exploited Flaws of 2022 |
| CERT-EU | 9 months ago | Iranian Threat Group Hits Thousands With Password Spray Campaign |
| CERT-EU | a year ago | 20th February – Threat Intelligence Report - Check Point Research |
| CERT-EU | 4 months ago | Sensor Intel Series: Top CVEs in December 2023 |
| Unit42 | a year ago | Mirai Variant V3G4 Targets IoT Devices |
| Securityaffairs | a year ago | CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022 |
| CISA | a year ago | Top CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors \| CISA |