Statement on CVE 2022-26134 Confluence Server and Data Center Unauthenticated Remote Code Execution Vulnerability

June 27, 2022

Information

In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1.

Risk

Not Applicable

Response

Melissa Data Corporation (“Melissa”) was not impacted by the remote code execution (RCE) vulnerability in Confluence Server & Data Center as we do not utilize Confluence Server & Data Center.

Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.