CVE-2014-9757
Vulnerability from cvelistv5
Published
2016-02-08 19:00
Modified
2024-08-06 13:55
Severity ?
Summary
The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:55:04.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160122 January 2016 - Bamboo - Critical Security Advisory",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/537347/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://jira.atlassian.com/browse/BAM-17099"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-01-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20160122 January 2016 - Bamboo - Critical Security Advisory",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/537347/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://jira.atlassian.com/browse/BAM-17099"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9757",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160122 January 2016 - Bamboo - Critical Security Advisory",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/537347/100/0/threaded"
            },
            {
              "name": "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html",
              "refsource": "CONFIRM",
              "url": "https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html"
            },
            {
              "name": "https://jira.atlassian.com/browse/BAM-17099",
              "refsource": "CONFIRM",
              "url": "https://jira.atlassian.com/browse/BAM-17099"
            },
            {
              "name": "http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9757",
    "datePublished": "2016-02-08T19:00:00",
    "dateReserved": "2015-11-25T00:00:00",
    "dateUpdated": "2024-08-06T13:55:04.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-9757\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-02-08T19:59:00.127\",\"lastModified\":\"2018-10-09T19:55:13.357\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.\"},{\"lang\":\"es\",\"value\":\"La API Ignite Realtime Smack XMPP, como se utiliza en Atlassian Bamboo en versiones anteriores a 5.9.9 y 5.10.x en versiones anteriores a 5.10.0, permite a servidores XMPP remotos configurados ejecutar c\u00f3digo Java arbitrario a trav\u00e9s de datos serializados en un mensaje XMPP.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":7.5},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2764BBDA-4FA2-4FFD-A126-823CB52D0D06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42875600-4DA1-4574-9F9D-0FB8AE61DD10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C79631B-6B9F-4FC0-9B12-17CD656A1CD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2337D88-9821-4794-B0C8-6FA73BD158C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2F087A2-790D-4D36-82F0-83C6BF504216\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2162E45E-58ED-43B5-905F-C2E7475E0DB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69BE15C9-542E-4586-8B05-BBE1508266E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C8F7C6B-C6DF-4106-83FA-C8BCB2A0D02A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D461805-C648-420C-9352-64634DC06CF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F995A4F3-EDB9-431C-864E-253EACB523A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B407F0C-D5CA-4D33-A124-CBEC74B5EF5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F1B608F-A264-4FFB-9250-311ECEC065E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5259D2D7-ABAE-4024-AA80-77D7F6A2AD21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E42A908E-D53D-4A7A-917E-FB66C846CC55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F41AEA85-6758-448C-B7AC-87E252380BBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE7F1728-FBE3-4FEF-8CA9-E613D5873FC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5021430D-C84B-4F67-A490-A0D6C87B25D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:2.7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64083DE3-8072-4CAC-B374-5FF402E048A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A940B1E-3E73-4A3E-912B-BF482776CF5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DB6A4F7-4827-4965-8790-41A60AAD98C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA69F796-66AC-49BA-BF8C-348E6FDB2176\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98DE5577-DFD8-42E7-A70A-3402D6386E79\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEA5C7C8-CDD5-4D22-A0B6-F7DEC87CDC9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B19625B6-CDBE-485B-BAF1-53ABB770C7B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"866C3CB4-B8FE-4D22-B130-67139D193B83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BD2FA24-8D68-4F31-8F88-A0930A92591B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F3C3168-20E6-41D2-845B-5A661DCF6A21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3BD0EAF-1C94-43A0-9133-9ADD8CAB8F87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4074958-998F-4333-8C81-45D0A765FB6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C5E5257-9004-4874-86A0-A3AB4230CE44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F9F3A23-71C8-4F65-A739-26BAAF1D9620\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2539517E-733A-427A-A0DA-F20E6C8A0A0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEE47E00-3496-4E22-9BDC-7BAF77516249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B207B5EC-B2F2-4ED2-94B7-20CC15D542B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70595742-7AB8-4A9D-94B4-8EADA093DC6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD49DEBD-557F-4D65-9DA3-5A4CA0CB014C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EE8039C-2F64-4056-AADC-66408FADB090\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36190377-CD45-458D-A533-5D68FC38753F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:3.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2A7E6EF-CEF1-4A6A-8C1F-3BA2CF17D9B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F3DF4FF-4C86-4D9F-882C-96482F69F871\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7760BAB-C6F3-40B4-8A65-0778C91B2481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D38BBD36-6F5F-44E4-8B74-A1F2E6E9ADE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"173874C7-0A68-447D-9284-6904BBBA8D86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"124E0B33-9C58-4AC9-9064-EE9F29FA56CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89526493-E441-43A6-9C8B-FF16AFD9060F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1921815-49AD-474C-8898-614C2209CAEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0761166B-7FD9-4574-8C13-0336343ADC46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B13D9DB-83A0-42AE-A665-214A71890ED0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF901B9B-49DE-4676-8245-E280CF5A7EFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A1D8D9B-E39E-4E77-831E-1D417ACEA5C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"951E6F5B-C905-40F2-B164-647A3E948EAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B408EA00-A128-4927-BFBB-AF0B42EABA56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B6E80ED-818F-4438-BD2A-AD4847178ABF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF0876B2-B95C-464B-9479-CEAA9A64E01A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABFD011B-EC46-4BFC-AAAB-ABE6612B85E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCAE8C05-486F-4EC5-B084-2D55331C5EDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D58EB432-8BFF-4CEC-B46C-695E77E2435C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:4.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"103A0455-79B1-4135-9384-C673A2459AEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"087D5B44-B9A5-480C-9DDA-16132A79E2FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE87C15D-09B8-4B5A-866F-5C2C8A43FB01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2A5DB02-607E-4147-86BD-205BF33C8A18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"54646B4B-05D3-4628-980D-D77C4AAF87F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BFD6A97-95B8-4536-AA16-713D76CAC446\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9ACEC08-CD6D-4B8F-8A82-A75F925D130B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"352DED96-3E03-48EE-9DF2-0DE73E707845\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A9E2D3C-D744-4730-83C6-CAFA0C41C916\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA7AC6DD-FE26-4A33-99BC-E3C0B90C1A93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95EB3E57-96E8-42EC-95BE-B14770E450C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21BC1141-5BE1-4178-9DD7-B7E3CFA59C82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E64CB47F-1D9B-4C2F-BA47-713F886F2E73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E209CB6F-F792-41D9-BC09-41FF771E3659\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"650A769F-762F-431F-A6B4-3F4AD97C3A34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEEBC112-E305-4CE6-A935-1D8DBB5A6ED6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72284F9F-A0DA-4BED-B2CA-83D525ED4A37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FF3C458-CA8A-4128-BE1C-0AF405D4CC0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C76C64DA-FAB9-4E72-9F71-088406451285\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DF61CCA-0502-4DBB-990A-6F602E947C95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0F2F76E-8150-4432-96A8-52C1D88C1784\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A2F5445-4C2E-49BF-8B5F-B4AACE00CC5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14BAF1A9-0CBF-4B4F-AD8A-7511659D4FA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38CC432B-4F6C-48A9-9781-F721D254EBEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4CE881C-9283-45C3-8982-5887C85C1962\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4DCD084-030A-4CEB-A16E-765B795E17E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E64A9422-8C57-4AA8-A166-1C287C09BA48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E44C5F8E-3414-46A8-AC8E-FEF270CBA38E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9027FC28-00AA-4556-AA9F-C9EF816DFD78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"209C5313-C450-488E-BF5E-531415B8A484\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F42F8BBF-3FEF-4922-ACEF-89899337F574\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF9AAA21-4223-4643-9E39-8DD3FF850B6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:atlassian:bamboo:5.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9C45391-347E-4343-8585-58400A219FBB\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/537347/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jira.atlassian.com/browse/BAM-17099\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.