CVE-2014-9757Improper Input Validation in Atlassian Bamboo

CWE-20Improper Input Validation3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.8%
top 26.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Atlassian Bamboo
Timeline
PublishedFeb 8
Latest updateMay 14

Description

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDatlassian/bamboo86 versions+85

Patches

Patch: jira.atlassian.comPatch: jira.atlassian.com

🔴Vulnerability Details

2
GHSA
GHSA-3f63-vqp6-r5p2: The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 52022-05-14
CVEList
CVE-2014-9757: The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 52016-02-08
CVE-2014-9757 — Improper Input Validation in Atlassian | cvebase