Confluence Server: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an…
Summary
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5.
CISA Known Exploited Vulnerability
- Listed:
- Nov 3, 2021 · federal remediation due Nov 17, 2021
- Required action:
- Apply updates per vendor instructions.
- Ransomware use:
- Known
KEV is a prioritization signal from CISA — remediation detail still comes from the vendor advisory.
- 6.14.0
- 7.5.0
- 7.12.0
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
- 7.4.11
- 7.11.6
- 7.12.5
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · high-confidence parse· fetched 4 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.