CPO Magazine: 06/9/22
As Naveen Sunkavalley, Chief Architect at Horizon3.ai, notes: “CVE-2022-26134 is about as bad as it gets. The vulnerability is easy to scan for and easy to exploit using a single HTTP GET request … Confluence instances often contain a wealth of user data and business-critical information that is valuable for attackers moving laterally within internal networks. We’ve advised our clients to patch immediately, even if their Confluence instance is not public.”.