<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-ligatures:standardcontextual;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.hgkelc
{mso-style-name:hgkelc;}
.MsoChpDefault
{mso-style-type:export-only;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:879977933;
mso-list-type:hybrid;
mso-list-template-ids:-1586354610 794186876 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:1292977958;
mso-list-template-ids:1683025832;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2
{mso-list-id:1496217853;
mso-list-type:hybrid;
mso-list-template-ids:1152963076 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l3
{mso-list-id:1618176175;
mso-list-template-ids:-1831820574;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4
{mso-list-id:2026399730;
mso-list-template-ids:41186062;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><a name="_Hlk122600425">Good morning,</a><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none"><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425">The SOC Services team is reporting on the vulnerability described in MS-ISAC ADVISORY 2023-115,<b><i>
</i></b></span><span style="mso-bookmark:_Hlk122600425">"A Vulnerability in Atlassian Confluence Server and Data Center Could Allow for Privilege Escalation." Because of its high visibility, our knowledge that the software is installed in the state environment, and active
exploitation, we are providing this in-depth information:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u>History</u></b>: On October 4<sup>th</sup>, 2023, Atlassian released updates to patch Confluence Server and Confluence Data Center. CVE-2023-22515 was established on October 4<sup>th</sup>,
2023, and is currently assigned a CVSSv3 rating of 8.8 (High). The vulnerability is described as a critical, remotely exploitable privilege escalation vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425">The following products are affected:<o:p></o:p></span></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.0.0<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.0.1<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.0.2<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.0.3<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.0.4<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.1.0<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.1.1<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.1.3<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.1.4<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.2.0<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.2.1<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.2.2<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.2.3<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.3.0<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.3.1<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.3.2<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.4.0<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.4.1<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.4.2<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.5.0<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l4 level1 lfo3">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.5.1<o:p></o:p></span></span></li></ul>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425">** Versions PRIOR to 8.0.0 are not affected by this vulnerability<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425">Patches are available from Atlassian to fix the vulnerability. The fixed versions are:<o:p></o:p></span></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo4">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.3.3 or later<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo4">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.4.3 or later<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l1 level1 lfo4">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">8.5.2 (Long Term Support release) or later<o:p></o:p></span></span></li></ul>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425">Further information is available from Atlassian:<o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo1"><span style="mso-bookmark:_Hlk122600425"></span><a href="https://confluence.atlassian.com/kb/faq-for-cve-2023-22515-1295682188.html"><span style="mso-bookmark:_Hlk122600425">https://confluence.atlassian.com/kb/faq-for-cve-2023-22515-1295682188.html</span><span style="mso-bookmark:_Hlk122600425"></span></a><span style="mso-bookmark:_Hlk122600425"><o:p></o:p></span></li></ul>
<p><span style="mso-bookmark:_Hlk122600425"><b><u>Intelligence</u></b>: As of October 4th, 2023, Atlassian is aware that CVE-2023-22515 has been exploited in the wild. It is very likely that this vulnerability will continue to be exploited by threat actors over
the coming months. Upgrading to a fixed version closes the vulnerability but does not undo a compromise that has already occurred, such as an administrator account created by an attacker before the upgrade.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u>Workarounds:</u></b> If you are unable to upgrade to one of the fixed versions, you should implement interim mitigations such as restricting access to the instances from external networks and blocking
access to the <em><span style="font-family:'Calibri',sans-serif">/setup/*</span></em> endpoints on Confluence instances. These mitigations reduce exposure but do not replace upgrading to a fixed version.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u><span style="background:yellow;mso-highlight:yellow"><o:p><span style="text-decoration:none"> </span></o:p></span></u></b></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u>How it works</u></b>: </span><span style="mso-bookmark:_Hlk122600425"><span class="hgkelc"><span lang="EN">CVE-2023-22515 allows attackers to create unauthorized administrative accounts on
external-facing Confluence servers so that they can access the instance. The attacker could then perform administrative actions in the context of the Confluence instance. Atlassian has reported that attackers are exploiting the vulnerability.<o:p></o:p></span></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><span class="hgkelc"><span lang="EN"><o:p> </o:p></span></span></span></p>
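<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u>Post-Exploit</u></b>: Upon successful exploitation of the vulnerability, the attacker holds an unauthorized administrator account on the Confluence instance and can perform administrative actions with it. No further adversary activity is described in this report.<o:p></o:p></span></p>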
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p><span style="mso-bookmark:_Hlk122600425">Admins should also check for indicators of compromise, which are:<o:p></o:p></span></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo5">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Unexpected members of the
<i>confluence-administrators</i> group<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo5">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Unexpected newly created user accounts<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo5">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Requests to
<i>/setup/*.action</i> in network access logs<o:p></o:p></span></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l3 level1 lfo5">
<span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Presence of
<i>/setup/setupadministrator.action</i> in an exception message in <i>atlassian-confluence-security.log</i> in the Confluence home directory<o:p></o:p></span></span></li></ul>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="mso-bookmark:_Hlk122600425">As of October 4th, 2023, the following vulnerability plugins have been released and are currently in Tenable Security Center:<o:p></o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425"><b><u>Plugin<o:p></o:p></u></b></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="672" valign="top" style="width:7.0in;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425"><b><u>Title<o:p></o:p></u></b></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="120" valign="top" style="width:90.2pt;border:solid windowtext 1.0pt;border-left:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425"><b><u>Severity<o:p></o:p></u></b></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
<tr>
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425">182550<o:p></o:p></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="672" valign="top" style="width:7.0in;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="mso-bookmark:_Hlk122600425"><span style="mso-ligatures:none">Atlassian Confluence 8.x &lt; 8.3.3 / 8.4.x &lt; 8.4.3 / 8.5.x &lt; 8.5.2 (CONFSERVER-92475)<o:p></o:p></span></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<p class="MsoNormal" align="center" style="text-align:center"><span style="mso-bookmark:_Hlk122600425">High<o:p></o:p></span></p>
</td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
<tr>
<td width="119" valign="top" style="width:89.5pt;border:solid windowtext 1.0pt;border-top:none;padding:0in 5.4pt 0in 5.4pt">
<span style="mso-bookmark:_Hlk122600425"></span></td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="672" valign="top" style="width:7.0in;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<span style="mso-bookmark:_Hlk122600425"></span></td>
<span style="mso-bookmark:_Hlk122600425"></span>
<td width="120" valign="top" style="width:90.2pt;border-top:none;border-left:none;border-bottom:solid windowtext 1.0pt;border-right:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<span style="mso-bookmark:_Hlk122600425"></span></td>
<span style="mso-bookmark:_Hlk122600425"></span>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"><b><u>Recommended Actions</u></b>:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_Hlk122600425"> <o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="mso-list:l2 level1 lfo2"><span style="mso-bookmark:_Hlk122600425">Verify that the host has not been compromised, using the indicators of compromise listed above, before applying patches.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l2 level1 lfo2"><span style="mso-bookmark:_Hlk122600425">Apply the appropriate updates provided by the vendor to vulnerable systems immediately after appropriate testing.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l2 level1 lfo2"><span style="mso-bookmark:_Hlk122600425">Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.<o:p></o:p></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level1 lfo2">
<span style="mso-bookmark:_Hlk122600425">Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.<o:p></o:p></span></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l2 level1 lfo2">
<span style="mso-bookmark:_Hlk122600425">Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.<o:p></o:p></span></li><li class="MsoNormal" style="mso-list:l2 level1 lfo2"><span style="mso-bookmark:_Hlk122600425">Apply the Principle of Least Privilege to all systems and services.</span><o:p></o:p></li></ul>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>