HomePentest-Tools.com Logo

Atlassian Bamboo Multiple Vulnerabilities (Feb 2016) CVE-2015-8361CVE-2014-9757

Severity
CVSSv3 Score
9.1
Vulnerability description

Atlassian Bamboo is prone to multiple vulnerabilities.

Risk description

Multiple flaws exist due to: - The Ignite Realtime Smack XMPP API does not validate serialized data in an XMPP message. - The multiple unspecified services do not require authentication. Successful exploitation will allow remote attackers to execute arbitrary java code, and to obtain sensitive information, modify settings, or manage build agents.

Recommendation

Upgrade to version 5.9.9 or later

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Feb 8, 2016
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available