CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Feb 14, 2024

CVE-2023-22527

High

CVSS 9.8EPSS 94.4%CISA KEVPoC AvailableRansomware

Atlassian/Confluence Data Center and Server

Description

Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.

CVSS Score

9.8/ 10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS — Exploit Probability

94.4%

Higher than 100.0% of all CVEs

Weakness Classification (CWE)

CWE-74CWE-74MITRE

Known Exploits

POC

http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.htmlExploit http://packetstormsecurity.com/files/176789/Atlassian-Confluence-SSTI-Injection.htmlExploit https://www.vicarius.io/vsociety/posts/pwning-confluence-via-ognl-injection-for-fun-and-learning-cve-2023-22527Exploit

Required Action

https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html; https://nvd.nist.gov/vuln/detail/CVE-2023-22527

Risk Assessment

CRITICAL

In CISA KEV

Known exploit

Critical CVSS

High EPSS

Ransomware

Details

Severity: High
CVSS: 9.8
EPSS: 94.4%
CWE: CWE-74
Exploit: POC
CISA KEV: Yes
Ransomware: Known
Articles: 0

Timeline

Published

Jan 24, 2024

Added to KEV

Jan 24, 2024

Remediation Due

Feb 14, 2024

Affected Product

Atlassian

Confluence Data Center and Server

View all Atlassian CVEs

External Links

NVD (NIST)CVE Details MITRE CVE