BleepingComputer reports that the Cybersecurity and Infrastructure Security Agency has called for the immediate patching of a critical vulnerability in the Questions for Confluence app, tracked as CVE-2022-26138, which has been added to the Known Exploited Vulnerabilities catalog after reports of active exploitation.
Federal agencies have been advised by CISA to address the flaw in vulnerable servers by Aug. 19, while other organizations across the U.S. have been "strongly" urged to remediate the bug as soon as possible.
"These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise," said CISA. CISA's warning comes after Rapid7 had reported ongoing exploitation of the flaw.
"Unsurprisingly, it didnt take long for Rapid7 to observe exploitation once the hardcoded credentials were released, given the high value of Confluence for attackers who often jump on Confluence vulnerabilities to execute ransomware attacks," said Glenn Thorpe of Rapid7.
Network Security, Vulnerability Management, Incident Response
CISA: Urgent patching needed for exploited critical Confluence flaw
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds