CVE-2024-21683

HIGH

CVSS v3

8.8

HIGH

EPSS Score

94.1%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.  Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.

Technical Details

Published
5/21/2024

Frequently Asked Questions

What is CVE-2024-21683?

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction.  Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was found internally.

Is CVE-2024-21683 actively exploited?

Active exploitation of CVE-2024-21683 has not been confirmed. The EPSS score is 94.1%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-21683?

CVE-2024-21683 has a CVSS v3 base score of 8.8 (HIGH severity).

Is CVE-2024-21683 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.