search cancel

Impact on Dollar-U of CVE's INC-1927195 & CVE-2022-26134

book

Article ID: 243572

calendar_today

Updated On:

Products

CA Automic Dollar Universe

Issue/Introduction

Kindly help to assess if there is any impact on Dollar-U with below mentioned CVE's

we have received 2 security advisories. Kindly help to check and assess if there is any impact on the tool:

1. New Security Incident: (INC-1927195) Hundreds of Elasticsearch databases targeted in ransom attacks
2.We have received an advisory from US-Cert “Atlassian Releases Security Updates for Confluence Server and Data Center, CVE-2022-26134”.

Full details are provided below:
-------------------------------------------------------------------------------------------------
New Security Incident: (INC-1927195) Hundreds of Elasticsearch databases targeted in ransom attacks
We have received an advisory from Infosec team. PFB:
Hackers have targeted poorly secured Elasticsearch databases and replaced 450 indexes with ransom notes asking for $620 to restore contents, amounting to a total demand of $279,000.


According to Secureworks, the threat actors use an automated script to parse unprotected databases, wipe their data, and add the ransom, so there doesn’t appear to be any manual engagement in this operation.

Reference Link: https://www.bleepingcomputer.com/news/security/hundreds-of-elasticsearch-databases-targeted-in-ransom-attacks/
https://www.secureworks.com/blog/unsecured-elasticsearch-data-replaced-with-ransom-note

-------------------------------------------------------------------------------------------


“Atlassian Releases Security Updates for Confluence Server and Data Center, CVE-2022-26134”. 

Atlassian has released a security advisory to address a remote code execution vulnerability (CVE-2022-26134) affecting Confluence Server and Data Center products. An unauthenticated remote attacker could exploit this vulnerability to execute code remotely. Atlassian reports that there is known exploitation of this vulnerability. There are currently no updates available. Atlassian is working to issue an update. 

Reference links: Atlassian Releases Security Updates for Confluence Server and Data Center, CVE-2022-26134 | CISA
Confluence Security Advisory 2022-06-02 | Confluence Data Center and Server 7.18 | Atlassian Documentation

https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html?fireglass_rsn=true#fireglass_params&tabid=a74dffdc2eadd902&start_with_session_counter=3&application_server_address=isolation-sgx3.wss.prod.fire.glass

https://www.cisa.gov/uscert/ncas/current-activity/2022/06/02/atlassian-releases-security-updates-confluence-server-and-data

Environment

Release : 6.x

Component : CA Automic Dollar Universe 

Resolution

1. New Security Incident: (INC-1927195) Hundreds of Elasticsearch databases targeted in ransom attacks

  • Yes we use an Elastic Search Database for DUX, but that shouldn't impact $U, as it is not expected/recommended to expose DUX database to public network. We don't see an impact of this vulnerability on $U.

2.We have received an advisory from US-Cert “Atlassian Releases Security Updates for Confluence Server and Data Center, CVE-2022-26134”.

  • We don't find any usage reference of confluence Server and Data center product in $U. Not impacted