Vulnerability Insights: Confluence Server and Cosmos DB Reports

“Security is always seen as too much until the day it’s not enough.”

^{– William H. Webster, former FBI Director}

As we all know, every year, thousands of new vulnerabilities are discovered, requiring organizations to patch operating systems, update applications, and reconfigure security settings throughout the entirety of their IT environments, including the cloud.

This is why so many of us are increasingly proactive in addressing vulnerabilities before they are utilized in cyberattacks, and why this has become the prevailing mindset at organizations with mature security practices.

As cyberattacks continue to increase in volume and sophistication across every industry and category, threat analysts and frontline security teams are flooded with information. The consequences of missing critical information are astronomical, but no human can keep up with this onslaught of data.

Beyond building a market-leading cloud SIEM, these are some of the reasons why Logz.io security analysts and engineering teams are constantly on the lookout for reports of new and previously unknown vulnerabilities in popular applications and services – those that we know our customers rely on. Moving forward, our plan is to post periodic updates on such issues that we feel our clients and other organizations need to monitor to protect their digital assets and data.

Relevant Vulnerability Details

In this blog post we’ll review a pair of serious and troublesome vulnerabilities that organizations should be aware of to mitigate related risks.

Confluence Server Vulnerability: CVE-2021-26084: The vulnerability permits the injection of OGNL code and thus allows an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. In some cases, even a user who is not authenticated can exploit the vulnerability. Since the vulnerability was first reported, security experts have seen widespread searches for vulnerable Confluence servers and active exploitation attempts. We recommend all Confluence Server administrators update as soon as possible.
Azure Cosmos DB vulnerability: A recently reported vulnerability in Microsoft Azure’s flagship Cosmos DB database left customers susceptible to cyberattacks. If exploited successfully, an attacker could utilize the issues to gain access to the accounts and databases of thousands of Azure clients. Note that Microsoft announced that it has reportedly fixed the issue.

Unmitigated vulnerabilities provide opportunities for attackers to enter your environment, abuse resources, steal data, or deny access to services. If you do not identify – and/or make sure your most high-priority vulnerabilities are patched – you’re effectively leaving the doors and windows open to attackers to enter your network.

We look forward to providing useful information on emerging vulnerabilities on an ongoing basis. If you have any related suggestions or feedback, please let us know.

Are you looking to seamlessly manage security events and help prioritize vulnerabilities with an easy-to-integrate and fully managed SIEM solution? Click here to request a demo or get more information on our next-gen cloud native SIEM platform.

Stay safe!