BI.ZONE WAF counters critical vulnerability in Confluence
Information about the new vulnerability and its exploitation by adversaries became public in early October. Atlassian, the developer of the Confluence software, rated the vulnerability as critical (CVSS score 10 out of 10).
CVE-2023-22515 affects publicly accessible Confluence Server and Confluence Data Center instances running versions 8.0.0 through 8.5.1. A flaw in the web application's logic allows attackers to create unauthorized Confluence administrator accounts and then execute program code on the server.
Because the vulnerability does not affect Confluence Server and Confluence Data Center versions prior to 8.0.0, users of these earlier versions do not need to take additional security measures.
At least five proofs of concept for the vulnerability are now available publicly.
Basic BI.ZONE WAF protection rules for this vulnerability are available to all users. If necessary, our experts can configure additional rules tailored to the company's specific web applications and their business logic.