Bitbucket Data Center and Confluence Data Center are vulnerable to Java deserialization attacks (CVE-2016-10750). It`s because of Hazelcast, third-party software, which Attlassian DC appliations use for running as a cluster. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted JoinRequest, resulting in arbitrary code execution. You should upgrade your instances to the safe version or use a provided workaround as soon as possible. More info HERE.
Everything you always wanted to know about Jira. But were afraid to ask.