The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:21
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html - | |
References | () http://www.securityfocus.com/archive/1/537347/100/0/threaded - | |
References | () https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html - Vendor Advisory | |
References | () https://jira.atlassian.com/browse/BAM-17099 - Patch, Vendor Advisory |
Information
Published : 2016-02-08 19:59
Updated : 2024-11-21 02:21
NVD link : CVE-2014-9757
Mitre link : CVE-2014-9757
CVE.ORG link : CVE-2014-9757
JSON object : View
Products Affected
atlassian
- bamboo
CWE
CWE-20
Improper Input Validation