Cyber Command and CISA issue alerts warning those using Atlassian’s Confluence and Data Center products that attackers are actively exploiting the critical remote code execution vulnerability CVE-2021-26084. Cybersecurity firm Bad Packets tweeted a warning on Sept. 1 that attackers were conducting mass scans and that malicious actors were exploiting the flaw. The vulnerability is an object-graph navigation language injection vulnerability that, when exploited, allows an authenticated user, and in some instances unauthenticated user, to execute arbitrary code on a Confluence Server or Data Center instance.”]
Source: https://www.cuinfosecurity.com/atlassian-vulnerability-being-exploited-in-wild-a-17457