Grandoreiro Malware – Active IOCs
October 31, 2024AsyncRAT – Active IOCs
November 1, 2024Grandoreiro Malware – Active IOCs
October 31, 2024AsyncRAT – Active IOCs
November 1, 2024Severity
High
Analysis Summary
CVE-2024-21689
Atlassian Bamboo Data Center and Server could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the update process binaries (executable modules). By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-21689
Affected Vendors
Affected Products
- Atlassian Bamboo Data Center 9.6.0
- Atlassian Bamboo Data Center 9.6.4
- Atlassian Bamboo Data Center 9.5.0
- Atlassian Bamboo Data Center 9.5.4
- Atlassian Bamboo Data Center 9.4.0
- Atlassian Bamboo Data Center 9.4.4
- Atlassian Bamboo Server 9.4.0
- Atlassian Bamboo Server 9.4.4
- Atlassian Bamboo Server 9.3.0
- Atlassian Bamboo Server 9.3.6
- Atlassian Bamboo Server 9.2.1
- Atlassian Bamboo Server 9.2.16
Remediation
Refer to Atlassian Security Advisory for patch, upgrade or suggested workaround information.