CVE-2024-21683
HIGHCVSS v3
8.8
HIGH
EPSS Score
94.1%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.
Technical Details
- Published
- 5/21/2024
Frequently Asked Questions
What is CVE-2024-21683?
This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.
Is CVE-2024-21683 actively exploited?
Active exploitation of CVE-2024-21683 has not been confirmed. The EPSS score is 94.1%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2024-21683?
CVE-2024-21683 has a CVSS v3 base score of 8.8 (HIGH severity).
Is CVE-2024-21683 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.