What is the severity of CVE-2014-9757?

CVE-2014-9757 has a high severity rating due to the potential for remote code execution via arbitrarily deserialized data.

How do I fix CVE-2014-9757?

To fix CVE-2014-9757, you should upgrade Atlassian Bamboo to version 5.9.9 or 5.10.0 and above to eliminate the vulnerability.

What types of attacks does CVE-2014-9757 enable?

CVE-2014-9757 enables remote attackers to execute arbitrary Java code on the server by sending specially crafted XMPP messages.

Which versions of Atlassian Bamboo are affected by CVE-2014-9757?

Atlassian Bamboo versions prior to 5.9.9 and 5.10.x before 5.10.0 are affected by CVE-2014-9757.

Is CVE-2014-9757 a local or remote vulnerability?

CVE-2014-9757 is a remote vulnerability that can be exploited by attackers from outside the target environment.

Vulnerability/
CVE-2014-9757

critical

9.8

CWE

8/2/2016

9/10/2018

CVE-2014-9757: Input Validation

First published: Mon Feb 08 2016(Updated: )

The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0, allows remote configured XMPP servers to execute arbitrary Java code via serialized data in an XMPP message.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Bamboo	=2.4
Bamboo	=2.4.1
Bamboo	=2.4.2
Bamboo	=2.4.3
Bamboo	=2.5
Bamboo	=2.5.1
Bamboo	=2.5.2
Bamboo	=2.5.3
Bamboo	=2.5.5
Bamboo	=2.6
Bamboo	=2.6.1
Bamboo	=2.6.2
Bamboo	=2.6.3
Bamboo	=2.7
Bamboo	=2.7.1
Bamboo	=2.7.2
Bamboo	=2.7.3
Bamboo	=2.7.4
Bamboo	=3.0
Bamboo	=3.0.1
Bamboo	=3.0.2
Bamboo	=3.0.3
Bamboo	=3.1
Bamboo	=3.1.1
Bamboo	=3.1.3
Bamboo	=3.1.4
Bamboo	=3.2
Bamboo	=3.2.2
Bamboo	=3.3
Bamboo	=3.3.1
Bamboo	=3.3.2
Bamboo	=3.3.3
Bamboo	=3.3.4
Bamboo	=3.4
Bamboo	=3.4.1
Bamboo	=3.4.2
Bamboo	=3.4.3
Bamboo	=3.4.4
Bamboo	=3.4.5
Bamboo	=4.0
Bamboo	=4.0.1
Bamboo	=4.1
Bamboo	=4.1.1
Bamboo	=4.1.2
Bamboo	=4.2
Bamboo	=4.2.1
Bamboo	=4.3
Bamboo	=4.3.1
Bamboo	=4.3.2
Bamboo	=4.3.3
Bamboo	=4.3.4
Bamboo	=4.4
Bamboo	=4.4.1
Bamboo	=4.4.2
Bamboo	=4.4.3
Bamboo	=4.4.4
Bamboo	=4.4.5
Bamboo	=4.4.8
Bamboo	=5.0
Bamboo	=5.0-beta1
Bamboo	=5.0-beta2
Bamboo	=5.0-beta3
Bamboo	=5.0-rc1
Bamboo	=5.0.1
Bamboo	=5.1
Bamboo	=5.1.1
Bamboo	=5.2
Bamboo	=5.2.1
Bamboo	=5.2.2
Bamboo	=5.3
Bamboo	=5.4
Bamboo	=5.4.1
Bamboo	=5.4.2
Bamboo	=5.5
Bamboo	=5.6
Bamboo	=5.6.1
Bamboo	=5.6.2
Bamboo	=5.7
Bamboo	=5.7.1
Bamboo	=5.7.2
Bamboo	=5.8
Bamboo	=5.8.1
Bamboo	=5.8.2
Bamboo	=5.8.5
Bamboo	=5.9
Bamboo	=5.9.1
Bamboo	=5.9.2
Bamboo	=5.9.3
Bamboo	=5.9.4
Bamboo	=5.9.7

Remedy

https://jira.atlassian.com/browse/BAM-17099

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-9757?
CVE-2014-9757 has a high severity rating due to the potential for remote code execution via arbitrarily deserialized data.
How do I fix CVE-2014-9757?
To fix CVE-2014-9757, you should upgrade Atlassian Bamboo to version 5.9.9 or 5.10.0 and above to eliminate the vulnerability.
What types of attacks does CVE-2014-9757 enable?
CVE-2014-9757 enables remote attackers to execute arbitrary Java code on the server by sending specially crafted XMPP messages.
Which versions of Atlassian Bamboo are affected by CVE-2014-9757?
Atlassian Bamboo versions prior to 5.9.9 and 5.10.x before 5.10.0 are affected by CVE-2014-9757.
Is CVE-2014-9757 a local or remote vulnerability?
CVE-2014-9757 is a remote vulnerability that can be exploited by attackers from outside the target environment.

agent/references
agent/type
agent/first-publish-date
agent/last-modified-date
agent/remedy
agent/severity
agent/author
agent/weakness
agent/description
agent/softwarecombine
agent/tags
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/atlassian
canonical/bamboo
version/bamboo/2.4
version/bamboo/2.4.1
version/bamboo/2.4.2
version/bamboo/2.4.3
version/bamboo/2.5
version/bamboo/2.5.1
version/bamboo/2.5.2
version/bamboo/2.5.3
version/bamboo/2.5.5
version/bamboo/2.6
version/bamboo/2.6.1
version/bamboo/2.6.2
version/bamboo/2.6.3
version/bamboo/2.7
version/bamboo/2.7.1
version/bamboo/2.7.2
version/bamboo/2.7.3
version/bamboo/2.7.4
version/bamboo/3.0
version/bamboo/3.0.1
version/bamboo/3.0.2
version/bamboo/3.0.3
version/bamboo/3.1
version/bamboo/3.1.1
version/bamboo/3.1.3
version/bamboo/3.1.4
version/bamboo/3.2
version/bamboo/3.2.2
version/bamboo/3.3
version/bamboo/3.3.1
version/bamboo/3.3.2
version/bamboo/3.3.3
version/bamboo/3.3.4
version/bamboo/3.4
version/bamboo/3.4.1
version/bamboo/3.4.2
version/bamboo/3.4.3
version/bamboo/3.4.4
version/bamboo/3.4.5
version/bamboo/4.0
version/bamboo/4.0.1
version/bamboo/4.1
version/bamboo/4.1.1
version/bamboo/4.1.2
version/bamboo/4.2
version/bamboo/4.2.1
version/bamboo/4.3
version/bamboo/4.3.1
version/bamboo/4.3.2
version/bamboo/4.3.3
version/bamboo/4.3.4
version/bamboo/4.4
version/bamboo/4.4.1
version/bamboo/4.4.2
version/bamboo/4.4.3
version/bamboo/4.4.4
version/bamboo/4.4.5
version/bamboo/4.4.8
version/bamboo/5.0
version/bamboo/5.0-beta1
version/bamboo/5.0-beta2
version/bamboo/5.0-beta3
version/bamboo/5.0-rc1
version/bamboo/5.0.1
version/bamboo/5.1
version/bamboo/5.1.1
version/bamboo/5.2
version/bamboo/5.2.1
version/bamboo/5.2.2
version/bamboo/5.3
version/bamboo/5.4
version/bamboo/5.4.1
version/bamboo/5.4.2
version/bamboo/5.5
version/bamboo/5.6
version/bamboo/5.6.1
version/bamboo/5.6.2
version/bamboo/5.7
version/bamboo/5.7.1
version/bamboo/5.7.2
version/bamboo/5.8
version/bamboo/5.8.1
version/bamboo/5.8.2
version/bamboo/5.8.5
version/bamboo/5.9
version/bamboo/5.9.1
version/bamboo/5.9.2
version/bamboo/5.9.3
version/bamboo/5.9.4
version/bamboo/5.9.7