CVE-2016-5229
Severity
9.8CRITICAL
EPSS
6.0%
top 9.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 2
Latest updateMay 14
Description
Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to XStream Serialization.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9