overview

This week, a high-severity vulnerability, tracked as CVE-2024-21683 (CVSS 8.3), has been discovered by SonicWall Capture Labs. This vulnerability allows for authenticated threat actors to execute arbitrary code remotely. 

To exploit this vulnerability, an attacker needs both network access to the vulnerable system and the authorization to introduce new macro languages. Exploiting the vulnerability involves uploading a modified JavaScript language file with malicious code to the "Configure Code Macro" section under "Add a new language". 

SonicWall has provided two signatures (IPS: 4437 and IPS: 4438) to help detect potential exploitation attempts. Due to the existence of a proof-of-concept (PoC) for CVE-2024-21683 and the critical role of Confluence Server in handling documentation and knowledge databases, users are strongly advised to upgrade and patch CVE-2024-21683 as soon as possible. 

 

 

avertium's recommendationS

Affected Versions for Data Center 

  • 8.9.0 
  • from 8.8.0 to 8.8.1 
  • from 8.7.0 to 8.7.2 
  • from 8.6.0 to 8.6.2 
  • from 8.5.0 to 8.5.8 LTS  
  • from 8.4.0 to 8.4.5 
  • from 8.3.0 to 8.3.4 
  • from 8.2.0 to 8.2.3 
  • from 8.1.0 to 8.1.4  
  • from 8.0.0 to 8.0.4  
  • from 7.20.0 to 7.20.3  
  • from 7.19.0 to 7.19.21 LTS 
  • from 7.18.0 to 7.18.3  
  • from 7.17.0 to 7.17.5  
  • Any earlier versions 

 

Affected Versions for Server 

  • from 8.5.0 to 8.5.8 LTS  
  • from 8.4.0 to 8.4.5  
  • from 8.3.0 to 8.3.4 
  • from 8.2.0 to 8.2.3  
  • from 8.1.0 to 8.1.4  
  • from 8.0.0 to 8.0.4  

 
  • from 7.20.0 to 7.20.3  
  • from 7.19.0 to 7.19.21 LTS  
  • from 7.18.0 to 7.18.3  
  • from 7.17.0 to 7.17.5  
  • Any earlier versions 

 

  • Atlassian has published the fixed versions for CVE-2024-21683. Please see Atlassian’s advisory for patch guidance.  

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2024-21683. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 
  • Fusion MXDR  is the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 




 

SUPPORTING DOCUMENTATION

[CONFSERVER-95832] RCE (Remote Code Execution) in Confluence Data Center and Server - Create and track feature requests for Atlassian products. 

Confluence Data Center and Server Remote Code Execution Vulnerability | SonicWall 

Atlassian Confluence High-Severity Bug Allows Code Execution (darkreading.com) 

 
Chat With One of Our Experts



Flash Notice SonicWall Atlassian High-Severity Vulnerability Atlassian Confluence Blog