CVE-2022-26134#

Statement on CVE-2022-26134 OGNL Injection Vulnerability #

June 27, 2022

Information #

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

Severity #

Low

Response #

Melissa Data Corporation (“Melissa”) was not impacted by the remote code execution (RCE) vulnerability in Confluence Server & Data Center as we do not utilize Confluence Server & Data Center.

Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.

If you have any additional questions, please contact Melissa’s Compliance department at Compliance@melissa.com.

CVE-2022-26134

Contents

CVE-2022-26134#

Statement on CVE-2022-26134 OGNL Injection Vulnerability#

Information#

Severity#

Response#

Statement on CVE-2022-26134 OGNL Injection Vulnerability #

Information #

Severity #

Response #