CVE-2015-6576

CVE Database · CVE-2015-6576

CVE-2015-6576

· N/AModified

CVSS v3.1

N/A

EPSS

3.62%

Published

Oct 2, 2017

Modified

May 12, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource.

Weaknesses (CWE)

CWE-94

Affected Products (2)

atlassian · bamboo (up to 5.8.5)vulnerable

atlassian · bamboo (up to 5.9.7)vulnerable

References (8)

http://packetstormsecurity.com/files/134065/Bamboo-Java-Code-Execution.html

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/536747/100/0/threaded

Third Party AdvisoryVDB Entry

https://confluence.atlassian.com/x/Hw7RLg

Vendor Advisory

https://jira.atlassian.com/browse/BAM-16439

Issue TrackingVendor Advisory

http://packetstormsecurity.com/files/134065/Bamboo-Java-Code-Execution.html

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/archive/1/536747/100/0/threaded

KEV Catalog EPSS Scores Vendors All CVEs