2 matches found
CVE-2014-9757
CVE-2014-9757 affects Atlassian Bamboo prior to 5.9.9 and 5.10.x prior to 5.10.0. The cause is a deserialization vulnerability in the Ignite Realtime Smack XMPP API used by Bamboo. Remote configured XMPP servers can send serialized data in XMPP messages to execute arbitrary Java code on Bamboo servers....
CVE-2014-9757: Deserialisation Through Smack Resulting in Remote Code Execution Vulnerability
Bamboo used an old version of the Smack XMPP library that deserialises messages received from XMPP. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo if an XMPP connection has been configured. To exploit this issue, Bamboo...