Page 4 of 17 results (0.042 seconds)

CVSS: 9.8EPSS: 0%CPEs: 91EXPL: 0

An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. Un recurso no especificado en Atlassian Bamboo en versiones anteriores a 5.9.9 y 5.10.x en versiones anteriores a 5.10.0 permite a atacantes remotos ejecutar código Java arbitrario a través de datos serializados al puerto JMS. • http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html http://www.securityfocus.com/archive/1/537347/100/0/threaded https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html https://jira.atlassian.com/browse/BAM-17101 • CWE-20: Improper Input Validation •

CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. Bamboo 2 2 en versiones anteriores a la 5 8 5 y en versiones 5 9 x anteriores a la 5 9 7 permite que los atacantes remotos con acceso a la interfaz web de Bamboo ejecuten código Java mediante un recurso no especificado. • https://github.com/CallMeJonas/CVE-2015-6576 http://packetstormsecurity.com/files/134065/Bamboo-Java-Code-Execution.html http://www.securityfocus.com/archive/1/536747/100/0/threaded https://confluence.atlassian.com/x/Hw7RLg https://jira.atlassian.com/browse/BAM-16439 • CWE-94: Improper Control of Generation of Code ('Code Injection') •