CVE-2022-26134

Vulnerability updated 7 months ago (2024-05-04T18:38:50.619Z)

Download STIX

Preview STIX

CVE-2022-26134 is a critical software vulnerability that was discovered in Atlassian Confluence Server and Data Center. This flaw, which allows for remote code execution (RCE), was publicly disclosed by Atlassian in June 2022. The Cybersecurity and Infrastructure Security Agency (CISA) recognized the severity of this vulnerability and added it to their catalog of known exploited vulnerabilities shortly after its disclosure. The Peach Sandstorm Advanced Persistent Threat (APT) group has been observed attempting to exploit this vulnerability, among others, in order to gain initial access to targeted environments. The group has used CVE-2022-26134 as part of its ongoing campaign, exploiting it alongside other known vulnerabilities such as CVE-2022-47966, which affects Zoho ManageEngine products. These RCE vulnerabilities have been used as an alternate attack method to password spraying, allowing the group to remotely exploit vulnerable applications. This vulnerability, being the second most exploited, has had significant impacts on cybersecurity. It has been used not only by the Peach Sandstorm APT but also by other threat actors, including North Korea's Lazarus Group and an unknown group that targeted a U.S. aeronautical organization. The widespread exploitation of CVE-2022-26134 underscores the importance of timely patching and maintaining up-to-date security measures to protect against such threats.

Description last updated: 2024-05-04T16:22:48.549Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Vulnerability

Confluence

Exploit

Atlassian

exploited

Manageengine

Remote Code ...

RCE (Remote ...

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Peach Sandstorm Threat Actor is associated with CVE-2022-26134. Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, or REFINED KITTEN, is a threat actor linked to the Iranian Islamic Revolutionary Guard Corps (IRGC). Active since at least 2013, this espionage group has primarily targeted aerospace and energy sectors, alongside gover	has used	3

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The CVE-2022-47966 Vulnerability is associated with CVE-2022-26134. CVE-2022-47966 is a critical vulnerability discovered in Zoho ManageEngine ServiceDesk Plus, a widely used IT management software. The flaw was exploited by malicious actors to gain unauthorized access to the organization's systems and networks. The exploitation started just five days after proof-of	Unspecified	3
The Follina Vulnerability is associated with CVE-2022-26134. Follina (CVE-2022-30190) is a software vulnerability that was discovered and exploited in the first half of 2022. It was weaponized by TA413, a malicious entity known for its cyber attacks, shortly after its discovery and publication. The vulnerability was used to target the Sophos Firewall product,	Unspecified	2
The vulnerability CVE-2020-8515 is associated with CVE-2022-26134.	Unspecified	2
The Log4Shell Vulnerability is associated with CVE-2022-26134. Log4Shell is a significant software vulnerability (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105) that exists in the Log4j Java-based logging utility. It was exploited by various Advanced Persistent Threat (APT) actors, including LockBit affiliates and GOLD MELODY (UNC961), to gain unauthorized	Unspecified	2
The Proxyshell Vulnerability is associated with CVE-2022-26134. ProxyShell is a vulnerability that affects Microsoft Exchange email servers, posing a significant risk to organizations worldwide. This flaw in software design or implementation allows attackers to exploit the system and gain unauthorized access. Since early 2021, Iranian government-sponsored APT ac	Unspecified	2

Source Document References

Information about the CVE-2022-26134 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CISA	3 months ago	Russian Military Cyber Actors Target US and Global Critical Infrastructure
CISA	6 days ago	2023 Top Routinely Exploited Vulnerabilities \| CISA
CERT-EU	8 months ago	Misconfigured cloud servers subjected to new Linux malware attack
DARKReading	9 months ago	Cloud-y Linux Malware Rains on Apache, Docker, Redis & Confluence
InfoSecurity-magazine	9 months ago	Linux Malware Targets Docker, Apache Hadoop, Redis and Confluence
CERT-EU	9 months ago	New Linux Malware Alert: 'Spinning YARN' Hits Docker, other Key Apps
SANS ISC	9 months ago	Scanning for Confluence CVE-2022-26134 - SANS Internet Storm Center
CERT-EU	9 months ago	Sensor Intel Series: Top CVEs in December 2023
CERT-EU	10 months ago	Atlassian reveals critical Confluence RCE flaw, urges "immediate action" (CVE-2023-22527) - Help Net Security
InfoSecurity-magazine	a year ago	Atlassian Finds Public Exploit for Critical Bug
CERT-EU	a year ago	Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518) - Help Net Security
BankInfoSecurity	a year ago	Attackers Exploiting Atlassian Confluence Software Zero-Day
CERT-EU	a year ago	Critical Zero-Day Bug in Atlassian Confluence Under Active Exploit
Securityaffairs	a year ago	Atlassian Confluence zero-day CVE-2023-22515 actively exploited
CERT-EU	a year ago	Detecting zero-days before zero-day – GIXtools
CERT-EU	a year ago	Iranian Hackers Attack Thousands of Organizations Using Password Spraying
Securityaffairs	a year ago	Iranian Peach Sandstorm group behind recent password spray attacks - Security Affairs
DARKReading	a year ago	Microsoft: 'Peach Sandstorm' Cyberattacks Target Defense, Pharmaceutical Orgs
CERT-EU	a year ago	Global password spray attacks target thousands of organizations
CERT-EU	a year ago	Iranian Threat Group Hits Thousands With Password Spray Campaign