This Cybersecurity Threat Advisory highlights a new security flaw that has recently been discovered in Atlassian’s Confluence Data Center and Server, which could result in significant data loss if exploited. Tracked as CVE-2023-22518, this vulnerability is rated 9.1 out of a maximum of 10 on the CVSS scoring system. It has been described by Atlassian as an “improper authorization vulnerability.”

What is the exposure or risk?

All versions of Confluence Data Center and Server are at risk of being affected by this vulnerability. Because Confluence sites are only accessible via an atlassian.net domain, there is no impact to confidentiality because attackers are unable to exfiltrate data from that domain. Versions outside of the support window, including those which have reached the end of their services (or End of Life, when manufacturers no longer support that type of hardware) may also be affected.

Several serious security flaws have been found in the Veeam ONE platform for analytics and IT infrastructure monitoring. These vulnerabilities may result in data breaches, illegal access, and NTLM hash theft. To fix these problems, Veeam has published security patches and issued a warning. Read this Cybersecurity Threat Advisory on recommendations to mitigate risks and protect Veeam environments.

Multiple vulnerabilities have been found in Veeam ONE, an IT infrastructure monitoring and analytics platform. CVE-2023-38547, CVE-2023-38548, and CVE-2023-41723 affect Veeam ONE versions 11, 11a, and 12. CVE-2023-38549 affects only Veeam ONE 12.

The initial two vulnerabilities, CVE-2023-38547 and CVE-2023-38548, are rated critical. CVE-2023-38547 can permit an unauthenticated user to access Veeam ONE’s configuration database’s SQL server connection information, potentially leading to remote code execution on the SQL server. CVE-2023-38548 enables unprivileged Veeam ONE Web Client users to obtain the access token of a Veeam ONE Administrator. These weaknesses might permit aggressors to take NTLM hashes and exploit other security shortcomings. Veeam has recognized these issues and delivered security updates to address the weaknesses.

What is the exposure or risk?

These vulnerabilities come with significant risk and exposure. Attackers may be able to obtain sensitive data exfiltration, compromise vital systems, and obtain unauthorized access to an organization’s IT infrastructure if they are successful in their exploit. The effect of a breach may increase if NTLM hashes are stolen since they may allow for more exploitation and lateral movement throughout the network. A successful attack may result in reputational harm as well as monetary losses.