CVE-2019-13990

EPSS 10.42%
Published 26.07.2019 19:15:11
Last modified 21.11.2024 04:25:50
Source cve@mitre.org
Teams watchlist Login
Open Login

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

Affected products Warnungen 0 Metrics 4 CWE 1 References 20

Data is provided by the National Vulnerability Database (NVD)

Softwareag ≫ Quartz Version < 2.3.2

Oracle ≫ Apache Batik Mapviewer Version12.2.0.1

Oracle ≫ Apache Batik Mapviewer Version18c

Oracle ≫ Apache Batik Mapviewer Version19c

Oracle ≫ Banking Enterprise Originations Version2.7.0

Oracle ≫ Banking Enterprise Originations Version2.8.0

Oracle ≫ Banking Enterprise Product Manufacturing Version2.7.0

Oracle ≫ Banking Enterprise Product Manufacturing Version2.8.0

Oracle ≫ Banking Payments Version >= 14.1.0 <= 14.4.0

Oracle ≫ Communications Ip Service Activator Version7.3.0

Oracle ≫ Communications Ip Service Activator Version7.4.0

Oracle ≫ Communications Session Route Manager Version >= 8.2.0 <= 8.2.2

Oracle ≫ Customer Management And Segmentation Foundation Version18.0

Oracle ≫ Documaker Version >= 12.6.0 <= 12.6.4

Oracle ≫ Enterprise Manager Base Platform Version13.2.1.0

Oracle ≫ Enterprise Manager Ops Center Version12.4.0.0

Oracle ≫ Flexcube Investor Servicing Version12.1.0

Oracle ≫ Flexcube Investor Servicing Version12.3.0

Oracle ≫ Flexcube Investor Servicing Version12.4.0

Oracle ≫ Flexcube Investor Servicing Version14.1.0

Oracle ≫ Flexcube Investor Servicing Version14.4.0

Oracle ≫ Flexcube Private Banking Version12.0.0

Oracle ≫ Flexcube Private Banking Version12.1.0

Oracle ≫ Fusion Middleware Mapviewer Version12.2.1.3.0

Oracle ≫ Google Guava Mapviewer Version12.2.0.1

Oracle ≫ Google Guava Mapviewer Version18c

Oracle ≫ Google Guava Mapviewer Version19c

Oracle ≫ Hyperion Infrastructure Technology Version11.1.2.4

Oracle ≫ Jd Edwards Enterpriseone Orchestrator Version <= 9.2.5.3

Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12

Oracle ≫ Primavera Unifier Version16.1

Oracle ≫ Primavera Unifier Version16.2

Oracle ≫ Primavera Unifier Version18.8

Oracle ≫ Retail Back Office Version14.1

Oracle ≫ Retail Central Office Version14.1

Oracle ≫ Retail Integration Bus Version15.0

Oracle ≫ Retail Integration Bus Version16.0

Oracle ≫ Retail Order Broker Version15.0

Oracle ≫ Retail Order Broker Version16.0

Oracle ≫ Retail Order Broker Version18.0

Oracle ≫ Retail Order Broker Version19.0

Oracle ≫ Retail Point-of-service Version14.1

Oracle ≫ Retail Returns Management Version14.1

Oracle ≫ Retail Xstore Point Of Service Version15.0

Oracle ≫ Retail Xstore Point Of Service Version16.0

Oracle ≫ Retail Xstore Point Of Service Version17.0

Oracle ≫ Retail Xstore Point Of Service Version18.0

Oracle ≫ Retail Xstore Point Of Service Version19.0

Oracle ≫ Terracotta Quartz Scheduler Mapviewer Version12.2.0.1

Oracle ≫ Terracotta Quartz Scheduler Mapviewer Version18c

Oracle ≫ Terracotta Quartz Scheduler Mapviewer Version19c

Oracle ≫ Webcenter Sites Version12.2.1.3.0

Oracle ≫ Webcenter Sites Version12.2.1.4.0

Apache ≫ Tomee Version7.1.3

Netapp ≫ Active Iq Unified Manager Version- SwPlatformlinux

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows

Netapp ≫ Cloud Secure Agent Version-

Atlassian ≫ Jira Service Management Version4.20.0 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.0 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.1 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.1 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.2 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.2 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.3 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.3 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.4 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.4 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.5 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.5 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.6 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.6 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.7 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.7 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.8 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.8 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.9 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.9 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.10 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.10 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.11 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.11 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.12 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.12 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.13 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.13 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.14 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.14 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.15 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.15 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.16 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.16 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.17 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.17 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.18 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.18 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.19 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.19 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.20 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.20 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.21 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.21 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.22 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.22 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.23 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.23 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.24 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.24 SwEditionserver

Atlassian ≫ Jira Service Management Version4.20.25 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.20.25 SwEditionserver

Atlassian ≫ Jira Service Management Version4.21.0 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.21.0 SwEditionserver

Atlassian ≫ Jira Service Management Version4.21.1 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.21.1 SwEditionserver

Atlassian ≫ Jira Service Management Version4.22.0 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.22.0 SwEditionserver

Atlassian ≫ Jira Service Management Version4.22.1 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.22.1 SwEditionserver

Atlassian ≫ Jira Service Management Version4.22.2 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.22.2 SwEditionserver

Atlassian ≫ Jira Service Management Version4.22.3 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.22.3 SwEditionserver

Atlassian ≫ Jira Service Management Version4.22.4 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.22.4 SwEditionserver

Atlassian ≫ Jira Service Management Version4.22.6 SwEditiondata_center

Atlassian ≫ Jira Service Management Version4.22.6 SwEditionserver

Atlassian ≫ Jira Service Management Version5.0.0 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.0.0 SwEditionserver

Atlassian ≫ Jira Service Management Version5.1.0 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.1.0 SwEditionserver

Atlassian ≫ Jira Service Management Version5.1.1 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.1.1 SwEditionserver

Atlassian ≫ Jira Service Management Version5.2.0 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.2.0 SwEditionserver

Atlassian ≫ Jira Service Management Version5.2.1 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.2.1 SwEditionserver

Atlassian ≫ Jira Service Management Version5.3.0 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.3.0 SwEditionserver

Atlassian ≫ Jira Service Management Version5.3.1 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.3.1 SwEditionserver

Atlassian ≫ Jira Service Management Version5.3.2 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.3.2 SwEditionserver

Atlassian ≫ Jira Service Management Version5.3.3 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.3.3 SwEditionserver

Atlassian ≫ Jira Service Management Version5.4.0 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.4.0 SwEditionserver

Atlassian ≫ Jira Service Management Version5.4.1 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.4.1 SwEditionserver

Atlassian ≫ Jira Service Management Version5.4.2 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.4.2 SwEditionserver

Atlassian ≫ Jira Service Management Version5.4.3 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.4.3 SwEditionserver

Atlassian ≫ Jira Service Management Version5.4.4 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.4.4 SwEditionserver

Atlassian ≫ Jira Service Management Version5.4.5 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.4.5 SwEditionserver

Atlassian ≫ Jira Service Management Version5.4.6 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.4.6 SwEditionserver

Atlassian ≫ Jira Service Management Version5.4.7 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.4.7 SwEditionserver

Atlassian ≫ Jira Service Management Version5.4.8 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.4.8 SwEditionserver

Atlassian ≫ Jira Service Management Version5.4.9 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.4.9 SwEditionserver

Atlassian ≫ Jira Service Management Version5.5.1 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.5.1 SwEditionserver

Atlassian ≫ Jira Service Management Version5.6.0 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.6.0 SwEditionserver

Atlassian ≫ Jira Service Management Version5.7.0 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.7.0 SwEditionserver

Atlassian ≫ Jira Service Management Version5.7.1 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.7.1 SwEditionserver

Atlassian ≫ Jira Service Management Version5.8.0 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.8.0 SwEditionserver

Atlassian ≫ Jira Service Management Version5.8.1 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.8.1 SwEditionserver

Atlassian ≫ Jira Service Management Version5.9.0 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.9.0 SwEditionserver

Atlassian ≫ Jira Service Management Version5.10.0 SwEditiondata_center

Atlassian ≫ Jira Service Management Version5.10.0 SwEditionserver

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	10.42%	0.929

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://www.oracle.com/security-alerts/cpujan2021.html

Third Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpuapr2020.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Third Party Advisory