Polaris customers protected from the latest CVE-2022-26134 exploit
New Vulnerability Discovered
The CVE-2022-26134 vulnerability was disclosed by Atlassian on June 02, 2022. According to Atlassian’s advisory, all supported versions of Confluence Server and Data Center are affected.
The vulnerability is being exploited on the internet and is critical because it allows attackers to execute unauthorized code remotely on affected servers. This type of vulnerability needs significant attention: attackers can gain full control of a vulnerable system without credentials, as long as they can make web requests to the Confluence Server system.
Polaris customers are protected from CVE-2022-26134
As of the time of this post, there is no official patch yet for the issue. Atlassian updates for this vulnerability can be tracked here: https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
At Polaris, our security engineers have investigated and are confident that our WAF engine can effectively mitigate most attack vectors, so all customer websites under the protection of the Polaris WAAP platform are protected from CVE-2022-26134 exploits.
We shall continue to track the issue and update our WAF rules when necessary to protect our clients from new attack vectors and vulnerabilities.