21 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-13990
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. CVE-2019-13990...
RHEL 8 : RHV Manager (ovirt-engine) 4.4 (RHSA-2020:3247)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3247 advisory. The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to...
Advisory ROSA-SA-2023-2272
software: quartz 2.2.1 OS: ROSA-CHROME packageevrstring: quartz-2.2.1-11.src.rpm CVE-ID: CVE-2019-13990 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler before version 2.3.0 allows XXE attacks via job description...
Atlassian JIRA Service Desk < 4.20.26 / 5.4.x < 5.4.10 / 5.5.x < 5.7.2 / 5.8.x < 5.8.2 / 5.9.x < 5.9.2 / 5.10.x < 5.10.1 (JSDSERVER-14401)
The version of Atlassian JIRA Service Desk Server running on the remote host is affected by a vulnerability as referenced in the JSDSERVER-14401 advisory. - XXE XML External Entity Injection in Jira Service Management Data Center and Server - CVE-2019-13990 CVE-2019-13990 Note that Nessus has not...
XXE (XML External Entity Injection) in Jira Service Management Data Center and Server - CVE-2019-13990
h2. Summary of Vulnerability Certain versions of Jira Service Management Server & Data Center were affected by CVE-2019-13990. The affected versions contained vulnerable versions of Terracotta Quartz Scheduler which allowed authenticated attackers to initiate an XML External Entity injection atta...
Mageia: Security Advisory (MGASA-2021-0133)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle WebCenter Sites Multiple Vulnerabilities (Oct 2021 CPU)
Oracle WebCenter Sites component of Oracle Fusion Middleware is affected by multiple vulnerabilities. - Component: WebCenter Sites Terracotta Quartz Scheduler. The supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker...
Vulnerabilities fixed in Oracle Enterprise Manager
Oracle has fixed multiple vulnerabilities in Oracle Enterprise Manager. The vulnerabilities allow an unauthenticated remote malicious party potentially able to launch attacks leading to the following categories of damage: Denial-of-Service DoS Manipulation of data Remote code execution Access to...
Important: Red Hat Security Advisory: Red Hat Fuse 7.8.0 release and security update
A minor version update from 7.7 to 7.8 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Terracotta Quartz Scheduler
Summary IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Terracotta Quartz Scheduler. Vulnerability Details CVEID: CVE-2019-13990 DESCRIPTION: Terracotta could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external enti...
Important: Red Hat Security Advisory: Red Hat Process Automation Manager 7.8.0 Security Update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
Important: Red Hat Security Advisory: Red Hat Decision Manager 7.8.0 Security Update
An update is now available for Red Hat Decision Manager. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
ai.databand.azkaban:az-core (=3.90.0), ai.databand.azkaban:azkaban-common (=3.18.0) +3310 more potentially affected by CVE-2019-13990 via org.quartz-scheduler:quartz (>=1.7.2 <=2.3.1)
org.quartz-scheduler:quartz MAVEN version =1.7.2, =0.5.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =1.0.0, =1.3.0 and more Source cves: CVE-2019-13990 Source advisory: OSV:GHSA-9QCF-C26R-X5RF...
Security Bulletin: Quartz vulnerability affects IBM Spectrum Protect Plus (CVE-2019-13990)
Summary A security vulnerability in Quartz which could allow a remote attacker to obtain sensitive information affects IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2019-13990 DESCRIPTION: Terracotta could allow a remote attacker to obtain sensitive information, caused by improper...
SUSE-SU-2020:1009-1 Security update for quartz
This update for quartz fixes the following issues: - CVE-2019-13990: Fixed XML External Entity attack in initDocumentParser bsc1143227...
Oracle Primavera Unifier (Apr 2020 CPU)
The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the CPUApr2020 advisory. - initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows X...
SUSE-SU-2020:0984-1 Security update for quartz
This update for quartz fixes the following issues: - CVE-2019-13990: Fixed XML External Entity attack in initDocumentParser bsc1143227...
CVE-2019-13990
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...
CVE-2019-13990
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...
CVE-2019-13990
CVE-2019-13990 affects Terracotta Quartz Scheduler within Atlassian Jira Service Management Data Center/Server and related Oracle Fusion Middleware deployments, via XXE in the Terracotta Quartz Scheduler component when parsing a job description. The root cause is an XML External Entity condition ...