The exploitation is usually straightforward, meaning that the attackers
don't need any special credentials or knowledge about individuals in
your installation.
The exploitation of the vulnerability results in root-level compromise of
your servers or other infrastructure devices.
For a critical vulnerability, it is advised that you patch
or upgrade as soon as possible, unless you have other
measures in place, for example, if your Confluence
installation is not accessed from the Internet.
High: Here, the exploitation doesn't result in elevated privileges.
The exploitation doesn't result in significant data loss or corruption.
Also, the vulnerability is difficult to exploit.
Medium: The denial-of-service vulnerabilities are difficult to set up.
These vulnerabilities affect only nonstandard configurations or obscure
applications.
This includes exploits that require an attacker to reside on the same local
network as the victim.
This includes vulnerabilities that require the attacker to manipulate
individual victims via social engineering tactics.
This includes vulnerabilities where exploitation provides only very
limited access.
Low: Vulnerabilities in the low range normally have very little impact on an
organization's business. Exploitation of such vulnerabilities usually requires
local or physical system access.
When a critical-severity vulnerability is discovered and resolved, Atlassian will
inform its customers using the following channels:
• Atlassian will post a security advisory in the latest documentation of
Confluence at the same time as a fix for the vulnerability is released.
Check the following link:
https://confluence.atlassian.com/display/DOC/Confluence+Security+Overview+and+Advisories
• Atlassian will send a copy of the security advisory to the "Technical Alerts"
mailing list.