← voltar
CVE-2017-9514

CVE-2017-9514

EPSS 1.0%
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
12 out 2017Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo.
Produtos afetados
Atlassian · Bamboo

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2017-10-11-938843921.htmlhttp://www.securityfocus.com/bid/101269