Atlassian · Crowd · CVE-2016-6496
**Name of the Vulnerable Software and Affected Versions**
Atlassian Crowd versions prior to 2.8.8
Atlassian Crowd versions 2.9.x prior to 2.9.5
**Description**
The issue allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object. This is related to the LDAP directory connector in Atlassian Crowd.
**Recommendations**
For versions prior to 2.8.8, update to version 2.8.8 or later.
For versions 2.9.x prior to 2.9.5, update to version 2.9.5 or later.