SECURITY ALERT: Improper Authorization Vulnerability in Confluence Data Center and Server (CVE-2023-22518)

Product / Version includes:

Cloud One - Network Security5.5.0.10605 , Deep Security20.0 , Trend Vision OneAll , Cloud One - Network SecurityAll , Cloud One - Endpoint and Workload SecurityAll

Last updated: 2024/05/23

Solution ID: KA-0015592

Category: Update

Summary

On October 31, 2023, Atlassian - the company behind the popular Confluence collaboration workspace product - issued a Critical Security Advisory which outlined an improper authorization vulnerability that could allow an unauthenticated remote attacker to exploit a vulnerable endpoint. The original advisory implored customers to patch as soon as possible and was initially assigned a CVSS score of 9.1 and assigned CVE-2023-22518.

On November 6th, due to more detailed public information being available and reports of active exploitation attempts, the CVSS score was upgraded to a 10.0 (highest possible) due to the change of scope of the attack.

Trend Micro strongly recommends that affected customers apply the necessary patches as soon as possible as well as reviewing the information below for additional Trend Micro investigation and protection tools.

Using Trend Micro Products for Investigation

The following highlights Trend Micro detections and remediation technology that can be used by customers to investigate and help with potential remediation in a customer’s environment.

Trend Vision One™

Trend Vision One customers benefit from attack surface risk management and XDR capabilities of the overall platform, fed by products such as Trend Micro Apex One or Trend Vision One - Endpoint Security, allowing existing customers to stay up to date on the latest information on these vulnerabilities. Leveraging the Risk Insights family of apps, customers can scan for, and identify impacted assets, and stay up to date on latest mitigation steps, including how to use Trend products to detect and defend against exploitation.

Risk Insights > Executive Dashboard

An updated Zero Day Vulnerability page in the Trend Vision One Executive Dashboard has been launched to provide a lot of relevant information in one area for Trend Vision One users and will be updated as more information is released.

^{Click the image to enlarge.}

Trend Micro Protection and Detection Against Exploitation

First and foremost, it is always highly recommended that users apply the vendor's patches when they become available. In this case, it is CRITICAL that affected customers apply the patch as soon as possible.

In addition to the vendor patches, Trend Micro does have some supplementary Rules and Filters that may help provide additional protection against further potential exploits.

Preventative Rules, Filters & Detection

Trend Cloud One - Network Security & TippingPoint Protection Filters

43453: HTTP: Atlassian Confluence Data Center and Server Authentication Bypass Vulnerability

Trend Cloud One - Workload Security & Deep Security IPS Rules

1011899: Atlassian Confluence Data Center and Server Improper Authorization Vulnerability (CVE-2023-22518)

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

SECURITY ALERT: Improper Authorization Vulnerability in Confluence Data Center and Server (CVE-2023-22518)

Using Trend Micro Products for Investigation

Trend Micro Protection and Detection Against Exploitation

Preventative Rules, Filters & Detection

SECURITY ALERT: Improper Authorization Vulnerability in Confluence Data Center and Server (CVE-2023-22518)

Product / Version includes:

Summary

Using Trend Micro Products for Investigation

Trend Micro Protection and Detection Against Exploitation

Preventative Rules, Filters & Detection