SB2026060232 - Multiple vulnerabilities in Bamboo Data Center

Published: June 2, 2026

Security Bulletin ID: SB2026060232
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 7
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 29%
Medium: 71%

Description

This security bulletin contains information about 7 vulnerabilities.


1) Improper Check or Handling of Exceptional Conditions (CVE-ID: CVE-2026-39304)

CWE-ID: CWE-703 - Improper Check or Handling of Exceptional Conditions

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to improper handling of client-triggered TLSv1.3 KeyUpdate messages in the ActiveMQ NIO SSL transports. A remote attacker can rapidly trigger KeyUpdate messages to cause a denial of service.

Only TLSv1.3 connections are vulnerable to memory exhaustion; with earlier TLS versions the same traffic may hang the connection instead.


2) Configuration (CVE-ID: CVE-2026-29129)

CWE-ID: CWE-16 - Configuration

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause the server to use TLS cipher suites in an unintended order.

The vulnerability exists due to improper handling of the TLS 1.3 cipher suite configuration when negotiating TLS connections. A remote attacker can initiate a TLS connection to cause the server to use TLS cipher suites in an unintended order.


3) Improper Encoding or Escaping of Output (CVE-ID: CVE-2026-34483)

CWE-ID: CWE-116 - Improper Encoding or Escaping of Output

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to inject arbitrary JSON into the JSON access log.

The vulnerability exists due to incomplete escaping in the JSON access log when handling requests with non-default Connector attributes relaxedPathChars and/or relaxedQueryChars. A remote attacker can send a specially crafted request to inject arbitrary JSON into the JSON access log.

Only configurations using non-default values for relaxedPathChars and/or relaxedQueryChars are affected.
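The escaping failure described in this item is easiest to see side by side with the correct pattern. The following is an added example, not code from Bamboo or from the affected connector: a log line assembled by string formatting lets a request field that contains a double quote end the field early and add keys of the sender's choosing, while routing every field through a JSON serializer keeps the field a single string. The validator at the end shows how a log consumer can detect lines that no longer match the expected schema. The field set in `EXPECTED_KEYS` and the sample request values are constructed for the example.

```python
"""Escaping request fields in a JSON access log: vulnerable and hardened forms.

Added illustration, not code from Bamboo or from the affected connector.
The expected key set and all sample values below are constructed.
"""
import json

# Assumed access-log schema for this example.
EXPECTED_KEYS = frozenset({"ts", "method", "uri", "status"})


def naive_log_line(ts: str, method: str, uri: str, status: int) -> str:
    """Vulnerable pattern: fields are interpolated into a JSON template.

    The URI is written unescaped on the assumption that the request parser
    already refused '"' and '\\' in paths and queries. Once a configuration
    relaxes that parser (the relaxedPathChars / relaxedQueryChars case in
    the bulletin), the assumption no longer holds and the field can close
    itself early.
    """
    return f'{{"ts":"{ts}","method":"{method}","uri":"{uri}","status":{status}}}'


def safe_log_line(ts: str, method: str, uri: str, status: int) -> str:
    """Hardened pattern: the serializer escapes every field, whatever it holds."""
    record = {"ts": ts, "method": method, "uri": uri, "status": status}
    return json.dumps(record, separators=(",", ":"))


def validate_log_line(line: str) -> bool:
    """True only if the line is a single JSON object with exactly the expected keys.

    A consumer can run this over an access log to flag lines whose structure
    was altered by request content.
    """
    try:
        obj = json.loads(line)
    except ValueError:
        return False
    return isinstance(obj, dict) and set(obj) == EXPECTED_KEYS


if __name__ == "__main__":
    # Constructed request path containing a quote, as a relaxed parser would admit.
    crafted_uri = '/index.html","injected":"yes'
    ts = "2026-06-02T00:00:00Z"
    for label, line in (
        ("naive", naive_log_line(ts, "GET", crafted_uri, 200)),
        ("safe", safe_log_line(ts, "GET", crafted_uri, 200)),
    ):
        print(f"{label:5} valid={validate_log_line(line)!s:5} {line}")
```

The hardened line still records the quote characters, just escaped, so nothing is lost for forensics; only the ability of a request to add or overwrite log keys goes away.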


4) Covert Timing Channel (CVE-ID: CVE-2026-5598)

CWE-ID: CWE-385 - Covert Timing Channel

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to a covert timing channel in FrodoEngine.java in the BC-JAVA core modules when performing cryptographic operations. A remote attacker can measure timing differences to disclose sensitive information.


5) Buffer overflow (CVE-ID: CVE-2026-29062)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error in UTF8DataInputJsonParser when parsing deeply nested JSON. A remote attacker can pass specially crafted JSON data to the application and perform a denial of service attack.

Note: the vulnerability exists because the fix for #VU112106 (CVE-2025-52999) was not properly applied to the 3.x branch.
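The general mitigation for this class of issue is to bound nesting depth before a recursive parser ever sees the input. The following is an added example in Python, not code from Bamboo or from the affected parser: a single-pass, constant-memory scan counts object and array nesting (skipping brackets that sit inside string literals), and parsing is refused when the depth exceeds a configured limit. The limit `DEFAULT_MAX_DEPTH` and the sample inputs are assumptions of the example.

```python
"""Depth-bounded parsing of untrusted JSON.

Added illustration, not code from Bamboo or from the parser named in the
bulletin. The depth limit and sample inputs are constructed for the example.
"""
import json

DEFAULT_MAX_DEPTH = 64  # assumed policy value; tune to the documents you expect


def max_json_depth(data: bytes) -> int:
    """Return the deepest object/array nesting in data without parsing it.

    The scan is linear and uses constant memory, so it is safe to run on
    input that would exhaust the stack of a recursive parser. Brackets inside
    string literals are ignored, with backslash escapes honoured so an
    escaped quote cannot end the string early.
    """
    depth = 0
    max_depth = 0
    in_string = False
    escaped = False
    for b in data:
        if in_string:
            if escaped:
                escaped = False
            elif b == 0x5C:  # backslash starts an escape
                escaped = True
            elif b == 0x22:  # unescaped quote ends the string
                in_string = False
            continue
        if b == 0x22:  # quote starts a string
            in_string = True
        elif b in (0x7B, 0x5B):  # '{' or '['
            depth += 1
            if depth > max_depth:
                max_depth = depth
        elif b in (0x7D, 0x5D):  # '}' or ']'
            depth -= 1  # unbalanced input is left for the real parser to reject
    return max_depth


def parse_untrusted_json(data: bytes, max_depth: int = DEFAULT_MAX_DEPTH):
    """Reject over-nested input before json.loads() recurses into it."""
    depth = max_json_depth(data)
    if depth > max_depth:
        raise ValueError(f"JSON nesting depth {depth} exceeds limit {max_depth}")
    return json.loads(data)


if __name__ == "__main__":
    benign = b'{"a": [1, 2, {"b": "[[[ brackets in a string do not nest ]]]"}]}'
    hostile = b"[" * 100_000 + b"]" * 100_000  # constructed deeply nested input
    print("benign depth:", max_json_depth(benign))
    print("parsed:", parse_untrusted_json(benign))
    try:
        parse_untrusted_json(hostile)
    except ValueError as exc:
        print("rejected:", exc)
```

The pre-scan costs one extra pass over the bytes, which is cheap compared with the recursion it prevents; where the parser itself offers a configurable depth limit, that setting is the better place for the bound.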


6) Path traversal (CVE-ID: CVE-2025-67030)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to write arbitrary files.

The vulnerability exists due to path traversal in the extractFile function when extracting archive entries with traversal sequences or absolute paths. A remote attacker can supply a specially crafted archive to write arbitrary files.

If a written file is later used as an executable or configuration file, this may lead to code execution in the context of the current working user.
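Both conditions the bulletin lists, traversal sequences and absolute entry names, are caught by one containment check: resolve the entry name against the destination directory and refuse the write unless the result is still inside it. The following is an added example, not code from Bamboo or from the component whose extractFile function the bulletin names (the bulletin does not identify that component); it uses Python's zipfile as a stand-in archive reader, and the destination paths and archive contents are constructed samples.

```python
"""Containment check before writing archive entries to disk.

Added illustration, not code from Bamboo or from the component named in the
bulletin. Archive contents and destination paths are constructed samples.
"""
import io
import os
import posixpath
import zipfile


class UnsafeArchiveEntry(ValueError):
    """An entry whose resolved path would fall outside the destination."""


def resolve_member(dest_dir: str, member_name: str) -> str:
    """Return the absolute on-disk path for member_name, or raise.

    Pure path arithmetic with no filesystem access, so it can be tested
    without extracting anything.
    """
    dest = os.path.abspath(dest_dir)
    # Archive names are '/'-separated; treat backslashes as separators too so
    # a Windows-style name cannot carry a traversal past the check.
    name = member_name.replace("\\", "/")
    # Refuse absolute names outright (POSIX '/...' and 'C:...' drive forms).
    if posixpath.isabs(name) or (len(name) > 1 and name[1] == ":"):
        raise UnsafeArchiveEntry(f"absolute entry name refused: {member_name!r}")
    # Normalise '.' and '..' segments, then require dest to remain the common
    # prefix. commonpath is used rather than startswith so that a sibling
    # directory such as dest + '2' does not pass.
    target = os.path.abspath(os.path.join(dest, *name.split("/")))
    if os.path.commonpath([dest, target]) != dest:
        raise UnsafeArchiveEntry(f"entry escapes destination: {member_name!r}")
    return target


def extract_zip_safely(data: bytes, dest_dir: str) -> list:
    """Extract an in-memory zip into dest_dir, writing only contained paths.

    Every name is validated before the first byte is written, so a hostile
    entry late in the archive cannot leave a half-extracted tree behind.
    """
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        plan = [(info, resolve_member(dest_dir, info.filename)) for info in zf.infolist()]
        for info, target in plan:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def build_sample_archive() -> bytes:
    """Constructed sample: one benign entry and one traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", b"hello")
        zf.writestr("../outside.txt", b"this must never be written")
    return buf.getvalue()


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as d:
        try:
            extract_zip_safely(build_sample_archive(), d)
        except UnsafeArchiveEntry as exc:
            print("refused:", exc)
        print("files written:", os.listdir(d))  # empty: validation ran first
```

Python's zipfile never materialises symlink entries, so the check above is sufficient for it; an extractor that does create symlinks (tarfile, for instance) must also refuse link entries, otherwise a link written early can redirect a later, correctly contained write outside the destination.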


7) Improper input validation (CVE-ID: CVE-2026-27727)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Platform Security (Mchange Commons Java) component in Oracle Business Intelligence Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.


Remediation

Install update from vendor's website.