CVE-2015-8360

CVE Database · CVE-2015-8360

CVE-2015-8360

· N/AModified

CVSS v3.1

N/A

EPSS

2.98%

Published

Feb 8, 2016

Modified

May 6, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port.

Weaknesses (CWE)

CWE-20

Affected Products (91)

atlassian · bamboovulnerable

References (8)

http://packetstormsecurity.com/files/135352/Bamboo-Deserialization-Missing-Authentication-Checks.html

http://www.securityfocus.com/archive/1/537347/100/0/threaded

https://confluence.atlassian.com/bamboo/bamboo-security-advisory-2016-01-20-794376535.html

Vendor Advisory

https://jira.atlassian.com/browse/BAM-17101

PatchVendor Advisory