Initial Access Intelligence

Leverage Exploit & Vulnerability Intelligence to make better decisions on which vulnerabilities need immediate remediation
GET /v3/index/initial-access?cve=CVE-2023-22527
    [
  {
    "cve": "CVE-2023-22527",
    "inKEV": true,
    "inVCKEV": true,
    "vulnerable_cpes": [
      "cpe:2.3:a:atlassian:confluence_data_center:8.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.0.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.0.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.0.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.0.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.1.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.1.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.1.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.2.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.2.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.2.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.2.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.3.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.3.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.3.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.3.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.3.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.4.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.4.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.4.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.4.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.4.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.4.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.5.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.5.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.5.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.5.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_data_center:8.7.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.0.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.0.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.0.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.0.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.0.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.1.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.1.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.1.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.2.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.2.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.2.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.2.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.3.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.3.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.3.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.3.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.3.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.4.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.4.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.4.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.4.3:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.4.4:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.4.5:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.5.0:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.5.1:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.5.2:*:*:*:*:*:*:*",
      "cpe:2.3:a:atlassian:confluence_server:8.5.3:*:*:*:*:*:*:*"
    ],
    "artifacts": [
      {
        "vendor": "Confluence",
        "targetEncryptedComms": "either",
        "mitreAttackTechniques": [
          "T1190"
        ],
        "product": [
          "Confluence Server",
          "Confluence Data Center"
        ],
        "dateAdded": "2024-01-22T00:00:00Z",
        "artifactName": "Confluence Template Injection (text-inline.vm)",
        "exploit": true,
        "versionScanner": true,
        "pcap": true,
        "sigmaRule": false,
        "suricataRule": true,
        "snortRule": true,
        "yara": true,
        "nmapScript": true,
        "zeroday": false,
        "targetService": "HTTP",
        "targetDocker": true,
        "googleQueries": [],
        "googleRawQueries": [],
        "baiduQueries": [
          "https://www.baidu.com/s?wd=intitle%3A%22Log%20In%20-%20Confluence%22"
        ],
        "baiduRawQueries": [
          "intitle:\"Log In - Confluence\""
        ],
        "shodanQueries": [
          "https://www.shodan.io/search?query=%2Bhttp.favicon.hash%3A-305179312+%22X-Confluence-Request-Time%22+%2B%22Set-Cookie%3A+JSESSIONID%3D%22+%2Bhtml%3A%22confluence-context-path%22",
          "https://www.shodan.io/search?query=X-Confluence-Request-Time+%2B%22JSESSIONID%22+%2Bhtml%3A%22atlassian-authentication-plugin%22+-%22145DF9C4CDE560B2699212692B867CDA%22",
          "https://www.shodan.io/search?query=X-Confluence-Request-Time+%2B%22Set-Cookie%3A+JSESSIONID%22+%2Bhtml%3A%22SAML+POST+Binding%22"
        ],
        "censysQueries": [
          "https://platform.censys.io/search?q=host.services%3A%28endpoints.http.favicons.hash_md5%3D%22966e60f8eb85b7ea43a7b0095f3e2336%22%20and%20banner%3A%22Set-Cookie%3A%20JSESSIONID%22%20and%20banner%3A%22X-Confluence-Request-Time%22%20and%20endpoints.http.body%3A%22confluence-context-path%22%29"
        ],
        "censysLegacyQueries": [
          "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=same_service%28services.http.response.favicons.md5_hash%3D%22966e60f8eb85b7ea43a7b0095f3e2336%22+and+services.banner%3A%22Set-Cookie%3A+JSESSIONID%22+and+services.banner%3A%22X-Confluence-Request-Time%22+and+services.http.response.body%3A%22confluence-context-path%22%29"
        ],
        "driftnetQueries": [],
        "driftnetRawQueries": [],
        "greynoiseQueries": [
          "https://viz.greynoise.io/query?gnql=raw_data.web.paths%3A%22%2Ftemplate%2Faui%2Ftext-inline.vm%22",
          "https://viz.greynoise.io/tag/atlassian-confluence-template-injection-rce-attempt-cve-2023-22527"
        ],
        "fofaQueries": [
          "https://en.fofa.info/result?qbase64=aGVhZGVyPSJTZXQtQ29va2llOiBKU0VTU0lPTklEIiAmJiBoZWFkZXI9IlgtQ29uZmx1ZW5jZS1SZXF1ZXN0LVRpbWUiICYmIGJvZHk9ImNvbmZsdWVuY2UtY29udGV4dC1wYXRoIiAmJiBpY29uX2hhc2g9Ii0zMDUxNzkzMTIi"
        ],
        "fofaRawQueries": [
          "header=\"Set-Cookie: JSESSIONID\" && header=\"X-Confluence-Request-Time\" && body=\"confluence-context-path\" && icon_hash=\"-305179312\""
        ],
        "zoomEyeQueries": [
          "https://www.zoomeye.ai/searchResult?q=aHR0cC5oZWFkZXI9IlNldC1Db29raWU6IEpTRVNTSU9OSUQiICYmIGh0dHAuaGVhZGVyPSJYLUNvbmZsdWVuY2UtUmVxdWVzdC1UaW1lIiAmJiBodHRwLmJvZHk9ImNvbmZsdWVuY2UtY29udGV4dC1wYXRoIiAmJiBpY29uaGFzaD0iLTMwNTE3OTMxMiI%3D"
        ],
        "zoomEyeRawQueries": [
          "http.header=\"Set-Cookie: JSESSIONID\" && http.header=\"X-Confluence-Request-Time\" && http.body=\"confluence-context-path\" && iconhash=\"-305179312\""
        ],
        "shodanRawQueries": [
          "+http.favicon.hash:-305179312 \"X-Confluence-Request-Time\" +\"Set-Cookie: JSESSIONID=\" +html:\"confluence-context-path\"",
          "X-Confluence-Request-Time +\"JSESSIONID\" +html:\"atlassian-authentication-plugin\" -\"145DF9C4CDE560B2699212692B867CDA\"",
          "X-Confluence-Request-Time +\"Set-Cookie: JSESSIONID\" +html:\"SAML POST Binding\""
        ],
        "censysRawQueries": [
          "host.services:(endpoints.http.favicons.hash_md5=\"966e60f8eb85b7ea43a7b0095f3e2336\" and banner:\"Set-Cookie: JSESSIONID\" and banner:\"X-Confluence-Request-Time\" and endpoints.http.body:\"confluence-context-path\")"
        ],
        "censysLegacyRawQueries": [
          "same_service(services.http.response.favicons.md5_hash=\"966e60f8eb85b7ea43a7b0095f3e2336\" and services.banner:\"Set-Cookie: JSESSIONID\" and services.banner:\"X-Confluence-Request-Time\" and services.http.response.body:\"confluence-context-path\")"
        ],
        "cloneSSHURL": "git@git.vulncheck.com:vulncheck/initial-access.git"
      }
    ],
    "_timestamp": "2025-08-26T00:22:25.386422501Z"
  }
]
  
VulnCheck Platform

Why VulnCheck Initial Access Intelligence

  • Focused on What Matters
    Unlike other emerging threat feeds, VulnCheck Initial Access focuses on vulnerabilities that matter, not simply vulnerabilities that are easy to collect PCAPs for.
  • Exclusively Initial Access
    Initial Access vulnerabilities, a subset of Remote Code Execution vulnerabilities, are the most dangerous vulnerabilities for organizations because they result in remote, unauthenticated, no-click data breaches.
  • Detection Artifacts Early
    VulnCheck Initial Access Intelligence provides early detection artifacts to implement defenses quickly, such as Suricata signatures, YARA rules, and PCAPs.
  • Private Exploit PoCs
    When vulnerabilities break, it can be hard to know if you are protected. VulnCheck Initial Access Intelligence includes private exploit proof-of-concept code, which may be used to test your organization's defenses.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.
  • Vulnerability Prioritization
    Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
  • Early Warning System
    Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.