Synced 18 Jun 2026 05:58 UTC Account
← All products

CVE-2015-6576

HIGH severity · CVSS 8.8 · Code injection
8.8CVSS HIGH

Summary

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges requiredLow
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)4%

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products we track (1)

Bamboo

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Additional information