A hardcoded credentials vulnerability was found in the Questions for Confluence app and is under active exploitation. The vulnerability allows remote, unauthenticated attackers who know the hardcoded password for specific accounts in the app to gain access to non-restricted pages in Confluence.
Rapid7 observed CVE-2022-26138 under active exploitation. It affects several on-premises Confluence products, including:
Atlassian patched the vulnerability last week, and it was not being exploited at that time. However, once the hardcoded password was released on social media, attackers quickly sprang into action. Although the vulnerability only exists when the Questions for Confluence app is enabled on the affected versions, we urge you to patch immediately. See the affected versions below:
According to Rapid7, if an attacker successfully exploits CVE-2022-26138, they will be able to create a user account with a hardcoded password and add the account to a user group, allowing access to all non-restricted pages in Confluence. Ultimately, the attacker will be able to browse an organization’s Confluence.
Please keep in mind that although the vulnerability stems from the disabledsystemuser account, which helps administrators migrate data from the app to Confluence Cloud, CVE-2022-26138 does not impact the Confluence Cloud instance. If your organization uses on-premises Confluence, following Atlassian’s guidance on patching is the best option.
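To check whether the disabledsystemuser account has been used against an on-premises instance, the access logs can be reviewed for requests authenticated as that account. The script below is an added example, not code from Atlassian, Rapid7 or Avertium. It assumes the logs are in Common Log Format with the authenticated user in the third field, and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

ACCOUNT = "disabledsystemuser"  # account name given in the advisory

# Assumed layout: Common Log Format
#   host ident authuser [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - alice [27/Jul/2022:09:14:02 +0000] "GET /display/ENG/Home HTTP/1.1" 200 5120
203.0.113.44 - disabledsystemuser [27/Jul/2022:09:15:10 +0000] "POST /dologin.action HTTP/1.1" 302 0
203.0.113.44 - DisabledSystemUser [27/Jul/2022:09:15:12 +0000] "GET /display/HR/Policies HTTP/1.1" 200 8841
203.0.113.44 - disabledsystemuser [27/Jul/2022:09:15:30 +0000] "GET /display/FIN/Budget HTTP/1.1" 403 312
192.0.2.9 - - [27/Jul/2022:09:16:00 +0000] "GET /login.action HTTP/1.1" 200 2048
garbage line that does not parse
"""

def find_account_activity(log_text, account=ACCOUNT):
    """Group requests authenticated as `account` by source host."""
    hits = defaultdict(
        lambda: {"requests": 0, "pages_served": [], "first": None, "last": None}
    )
    for line in log_text.splitlines():
        m = CLF.match(line)
        # Compare case-insensitively so case variants of the name are not missed.
        if not m or m["user"].lower() != account.lower():
            continue
        entry = hits[m["host"]]
        entry["requests"] += 1
        entry["first"] = entry["first"] or m["time"]
        entry["last"] = m["time"]
        # A 2xx response to a GET means content was returned to that session.
        if m["method"] == "GET" and m["status"].startswith("2"):
            entry["pages_served"].append(m["path"])
    return dict(hits)

if __name__ == "__main__":
    for host, info in find_account_activity(SAMPLE_LOG).items():
        print(host, info)
```

Any hit for this account warrants review, and the pages_served list gives a starting point for scoping which content was exposed.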
INDICATORS OF COMPROMISE (IOCs):
According to Atlassian, the following have been identified as sources of malicious activity:
Active Exploitation of Atlassian’s Questions for Confluence App CVE-2022-26138 | Rapid7 Blog
Atlassian Confluence Hardcoded Credentials Bug Actively Exploited | Decipher (duo.com)