9.8

CVE-2014-9757

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AtlassianBamboo Version2.4
AtlassianBamboo Version2.4.1
AtlassianBamboo Version2.4.2
AtlassianBamboo Version2.4.3
AtlassianBamboo Version2.5
AtlassianBamboo Version2.5.1
AtlassianBamboo Version2.5.2
AtlassianBamboo Version2.5.3
AtlassianBamboo Version2.5.5
AtlassianBamboo Version2.6
AtlassianBamboo Version2.6.1
AtlassianBamboo Version2.6.2
AtlassianBamboo Version2.6.3
AtlassianBamboo Version2.7
AtlassianBamboo Version2.7.1
AtlassianBamboo Version2.7.2
AtlassianBamboo Version2.7.3
AtlassianBamboo Version2.7.4
AtlassianBamboo Version3.0
AtlassianBamboo Version3.0.1
AtlassianBamboo Version3.0.2
AtlassianBamboo Version3.0.3
AtlassianBamboo Version3.1
AtlassianBamboo Version3.1.1
AtlassianBamboo Version3.1.3
AtlassianBamboo Version3.1.4
AtlassianBamboo Version3.2
AtlassianBamboo Version3.2.2
AtlassianBamboo Version3.3
AtlassianBamboo Version3.3.1
AtlassianBamboo Version3.3.2
AtlassianBamboo Version3.3.3
AtlassianBamboo Version3.3.4
AtlassianBamboo Version3.4
AtlassianBamboo Version3.4.1
AtlassianBamboo Version3.4.2
AtlassianBamboo Version3.4.3
AtlassianBamboo Version3.4.4
AtlassianBamboo Version3.4.5
AtlassianBamboo Version4.0
AtlassianBamboo Version4.0.1
AtlassianBamboo Version4.1
AtlassianBamboo Version4.1.1
AtlassianBamboo Version4.1.2
AtlassianBamboo Version4.2
AtlassianBamboo Version4.2.1
AtlassianBamboo Version4.3
AtlassianBamboo Version4.3.1
AtlassianBamboo Version4.3.2
AtlassianBamboo Version4.3.3
AtlassianBamboo Version4.3.4
AtlassianBamboo Version4.4
AtlassianBamboo Version4.4.1
AtlassianBamboo Version4.4.2
AtlassianBamboo Version4.4.3
AtlassianBamboo Version4.4.4
AtlassianBamboo Version4.4.5
AtlassianBamboo Version4.4.8
AtlassianBamboo Version5.0
AtlassianBamboo Version5.0 Updatebeta1
AtlassianBamboo Version5.0 Updatebeta2
AtlassianBamboo Version5.0 Updatebeta3
AtlassianBamboo Version5.0 Updaterc1
AtlassianBamboo Version5.0.1
AtlassianBamboo Version5.1
AtlassianBamboo Version5.1.1
AtlassianBamboo Version5.2
AtlassianBamboo Version5.2.1
AtlassianBamboo Version5.2.2
AtlassianBamboo Version5.3
AtlassianBamboo Version5.4
AtlassianBamboo Version5.4.1
AtlassianBamboo Version5.4.2
AtlassianBamboo Version5.5
AtlassianBamboo Version5.6
AtlassianBamboo Version5.6.1
AtlassianBamboo Version5.6.2
AtlassianBamboo Version5.7
AtlassianBamboo Version5.7.1
AtlassianBamboo Version5.7.2
AtlassianBamboo Version5.8
AtlassianBamboo Version5.8.1
AtlassianBamboo Version5.8.2
AtlassianBamboo Version5.8.5
AtlassianBamboo Version5.9
AtlassianBamboo Version5.9.1
AtlassianBamboo Version5.9.2
AtlassianBamboo Version5.9.3
AtlassianBamboo Version5.9.4
AtlassianBamboo Version5.9.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.78% 0.726
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.