CVE-2015-6576

high

Description

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.

References

http://packetstormsecurity.com/files/134065/Bamboo-Java-Code-Execution.html

http://www.securityfocus.com/archive/1/536747/100/0/threaded

https://confluence.atlassian.com/x/Hw7RLg

https://jira.atlassian.com/browse/BAM-16439

Details

Source: MITRE

Published: 2017-10-03

Updated: 2019-05-03

Type: CWE-94

Risk Information

CVSS v2

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH