CVE-2014-9757

Name of the Vulnerable Software and Affected Versions Atlassian Bamboo versions prior to 5.9.9 Atlassian Bamboo versions 5.10.x prior to 5.10.0

Description The issue allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message. This is related to the use of the Ignite Realtime Smack XMPP API in Atlassian Bamboo.

Recommendations For versions prior to 5.9.9, update to version 5.9.9 or later. For versions 5.10.x prior to 5.10.0, update to version 5.10.0 or later.