There is known exploitation of this vulnerability in Confluence Server version 7.18.0. Subsequent testing indicates that multiple versions of Confluence Server and Data Center, including version 7.4.0 and newer, are vulnerable. There are currently no fixed versions of Confluence Server and Data Center available. Estimated time to deploy the fix is 24 hours. Until then Atlassian recommends to restrict Confluence Server and Data Center instances from the internet or disable them.