There is known exploitation of this vulnerability in Confluence Server version 7.18.0. Subsequent testing indicates that multiple versions of Confluence Server and Data Center, including version 7.4.0 and newer, are vulnerable. There are currently no fixed versions of Confluence Server and Data Center available. Estimated time to deploy the fix is 24 hours. Until then Atlassian recommends to restrict Confluence Server and Data Center instances from the internet or disable them.
Will Jira Data Center end up like Jira Server? Perhaps this question would not have appear in the user`s minds if it wasn`t for the Atlassian Community. After the last two-day conference Team’22, where there was no mention of Data Center further development, Rodney Nissen (aka The Jira Guy) wrote a great critique, with even better title: “Atlassian, we need to talk about Data Center”. See what happened next.
Bitbucket Data Center and Confluence Data Center are vulnerable to Java deserialization attacks (CVE-2016-10750). It`s because of Hazelcast, third-party software, which Attlassian DC appliations use for running as a cluster. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted JoinRequest, resulting in arbitrary code execution. You should upgrade your instances to the safe version or use a provided workaround as soon as possible. More info HERE.
Imagine 24/7 personalized application support, which always knows the context of your problem. Done? Now combine it with predictive issue assignment, predictive triage and intelligent automation? What do you get? A.I. driven Jira Service Management.