Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Jobscheduler Security Vulnerabilities - 2020

cve
cve

CVE-2020-12712

A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile.

7.5CVSS

7AI Score

0.048EPSS

2020-06-11 02:15 PM
92
cve
cve

CVE-2020-6854

A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API.

5.4CVSS

5.2AI Score

0.001EPSS

2020-02-05 09:15 PM
37
cve
cve

CVE-2020-6855

A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources and results in a denial of service.

6.5CVSS

6.3AI Score

0.001EPSS

2020-02-06 05:15 PM
32
cve
cve

CVE-2020-6856

An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders.

6.5CVSS

6.3AI Score

0.001EPSS

2020-02-06 05:15 PM
31