Multiple government and cyber authorities reported on Monday that threat actors exploited a critical (9.8 CVSS) zero-day vulnerability in Atlassian Confluence Data Center and Server.

In a joint Cybersecurity Advisory (CSA) released by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), network administrators were advised to apply the updates and the incident response recommendations outlined in the new CSA.

The vulnerability, CVE-2023-22515, has reportedly been exploited by a Chinese-backed threat actor Microsoft tracks as Storm-0062 since Sept. 14, roughly two weeks before Atlassian released patches for it. Storm-0062 is believed to be associated with the Chinese Ministry of State Security.

While this CVE in Atlassian’s Confluence server does not apply to Atlassian’s cloud-based Confluence offering, the bug does let adversaries remotely create Confluence administrative accounts, and thereby gives them unfettered control over a Confluence instance, explained John Allison, director of program management for FedRAMP at Checkmarx.
Atlassian Confluence zero-day exploited by threat actor, US agencies warn

A Chinese-backed threat actor is believed to have exploited the Confluence vulnerability since Sept. 14, roughly two weeks before Atlassian released patches for it. (Adobe Stock Images)