← volver
CVE-2014-9757

CVE-2014-9757

EPSS 2.3%
The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.htmlhttps://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.htmlhttps://jira.atlassian.com/browse/BAM-17099http://www.securityfocus.com/archive/1/537347/100/0/threaded