CVE-2019-13990 - Vulnerability Details

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Apache	Tomee
Atlassian	Jira Service Management
Netapp	Active Iq Unified Manager Cloud Secure Agent
Oracle	Apache Batik Mapviewer Banking Enterprise Originations Banking Enterprise Product Manufacturing Banking Payments Communications Ip Service Activator Communications Session Route Manager Customer Management And Segmentation Foundation Documaker Enterprise Manager Base Platform Enterprise Manager Ops Center Flexcube Investor Servicing Flexcube Private Banking Fusion Middleware Mapviewer Google Guava Mapviewer Hyperion Infrastructure Technology Jd Edwards Enterpriseone Orchestrator Primavera Unifier Retail Back Office Retail Central Office Retail Integration Bus Retail Order Broker Retail Point-of-service Retail Returns Management Retail Xstore Point Of Service Terracotta Quartz Scheduler Mapviewer Webcenter Sites
Redhat	Jboss Enterprise Bpms Platform Jboss Enterprise Brms Platform Jboss Fuse Rhev Manager
Softwareag	Quartz

Configuration 1 [-]

cpe:2.3:a:softwareag:quartz:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:a:oracle:apache_batik_mapviewer:12.2.0.1:::::::*
	cpe:2.3:a:oracle:apache_batik_mapviewer:18c:::::::*
	cpe:2.3:a:oracle:apache_batik_mapviewer:19c:::::::*
	cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:::::::*
	cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:::::::*
	cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:::::::*
	cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:::::::*
	cpe:2.3:a:oracle:banking_payments::::::::
	cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:::::::*
	cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:::::::*
	cpe:2.3:a:oracle:communications_session_route_manager::::::::
	cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:::::::*
	cpe:2.3:a:oracle:documaker::::::::
	cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:::::::*
	cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:::::::*
	cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:::::::*
	cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:::::::*
	cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:::::::*
	cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:::::::*
	cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:::::::*
	cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:::::::*
	cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:google_guava_mapviewer:12.2.0.1:::::::*
	cpe:2.3:a:oracle:google_guava_mapviewer:18c:::::::*
	cpe:2.3:a:oracle:google_guava_mapviewer:19c:::::::*
	cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:::::::*
	cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator::::::::
	cpe:2.3:a:oracle:primavera_unifier::::::::
	cpe:2.3:a:oracle:primavera_unifier:16.1:::::::*
	cpe:2.3:a:oracle:primavera_unifier:16.2:::::::*
	cpe:2.3:a:oracle:primavera_unifier:18.8:::::::*
	cpe:2.3:a:oracle:retail_back_office:14.1:::::::*
	cpe:2.3:a:oracle:retail_central_office:14.1:::::::*
	cpe:2.3:a:oracle:retail_integration_bus:15.0:::::::*
	cpe:2.3:a:oracle:retail_integration_bus:16.0:::::::*
	cpe:2.3:a:oracle:retail_order_broker:15.0:::::::*
	cpe:2.3:a:oracle:retail_order_broker:16.0:::::::*
	cpe:2.3:a:oracle:retail_order_broker:18.0:::::::*
	cpe:2.3:a:oracle:retail_order_broker:19.0:::::::*
	cpe:2.3:a:oracle:retail_point-of-service:14.1:::::::*
	cpe:2.3:a:oracle:retail_returns_management:14.1:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:::::::*
	cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:::::::*
	cpe:2.3:a:oracle:terracotta_quartz_scheduler_mapviewer:12.2.0.1:::::::*
	cpe:2.3:a:oracle:terracotta_quartz_scheduler_mapviewer:18c:::::::*
	cpe:2.3:a:oracle:terracotta_quartz_scheduler_mapviewer:19c:::::::*
	cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:::::::*
	cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:::::::*

Configuration 3 [-]

cpe:2.3:a:apache:tomee:7.1.3:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::linux::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
	cpe:2.3:a:netapp:cloud_secure_agent:-:::::::*

Configuration 5 [-]

OR	cpe:2.3:a:atlassian:jira_service_management:4.20.0::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.0::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.1::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.1::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.2::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.2::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.3::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.3::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.4::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.4::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.5::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.5::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.6::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.6::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.7::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.7::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.8::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.8::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.9::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.9::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.10::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.10::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.11::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.11::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.12::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.12::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.13::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.13::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.14::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.14::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.15::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.15::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.16::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.16::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.17::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.17::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.18::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.18::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.19::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.19::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.20::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.20::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.21::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.21::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.22::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.22::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.23::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.23::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.24::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.24::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.25::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.20.25::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.21.0::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.21.0::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.21.1::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.21.1::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.22.0::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.22.0::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.22.1::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.22.1::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.22.2::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.22.2::::server:::
	cpe:2.3:a:atlassian:jira_service_management:4.22.3::::data_center:::
	cpe:2.3:a:atlassian:jira_service_management:4.22.3::::server:::
cpe:2.3:a:atlassian:jira_service_management:4.22.4::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:4.22.4::::server:::
cpe:2.3:a:atlassian:jira_service_management:4.22.6::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:4.22.6::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.0.0::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.0.0::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.1.0::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.1.0::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.1.1::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.1.1::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.2.0::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.2.0::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.2.1::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.2.1::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.3.0::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.3.0::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.3.1::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.3.1::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.3.2::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.3.2::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.3.3::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.3.3::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.4.0::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.4.0::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.4.1::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.4.1::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.4.2::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.4.2::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.4.3::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.4.3::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.4.4::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.4.4::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.4.5::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.4.5::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.4.6::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.4.6::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.4.7::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.4.7::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.4.8::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.4.8::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.4.9::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.4.9::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.5.1::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.5.1::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.6.0::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.6.0::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.7.0::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.7.0::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.7.1::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.7.1::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.8.0::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.8.0::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.8.1::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.8.1::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.9.0::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.9.0::::server:::
cpe:2.3:a:atlassian:jira_service_management:5.10.0::::data_center:::
cpe:2.3:a:atlassian:jira_service_management:5.10.0::::server:::

Package	CPE	Advisory	Released Date
Red Hat Decision Manager 7
quartz	cpe:/a:redhat:jboss_enterprise_brms_platform:7.8	RHSA-2020:3196	2020-07-29T00:00:00Z
Red Hat Fuse 7.8.0
quartz	cpe:/a:redhat:jboss_fuse:7	RHSA-2020:5568	2020-12-16T00:00:00Z
Red Hat Process Automation 7
quartz	cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8	RHSA-2020:3197	2020-07-29T00:00:00Z
Red Hat Virtualization Engine 4.4
rhvm-dependencies-0:4.4.0-1.el8ev	cpe:/a:redhat:rhev_manager:4.4:el8	RHSA-2020:3247	2020-08-04T00:00:00Z

References

Link	Providers
https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html
https://github.com/quartz-scheduler/quartz/issues/467
https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E
https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-13990
https://security.netapp.com/advisory/ntap-20221028-0002/
https://www.cve.org/CVERecord?id=CVE-2019-13990
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html

History

Tue, 15 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-07-26T00:00:00

Updated: 2024-10-15T18:22:20.316Z

Reserved: 2019-07-19T00:00:00

Link: CVE-2019-13990

Vulnrichment

Updated: 2024-08-05T00:05:44.151Z

NVD

Status : Modified

Published: 2019-07-26T19:15:11.730

Modified: 2024-11-21T04:25:50.490

Link: CVE-2019-13990

Redhat

Severity : Important

Publid Date: 2019-07-26T00:00:00Z

Links: CVE-2019-13990 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-13990", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-15T18:22:20.316Z", "dateReserved": "2019-07-19T00:00:00", "datePublished": "2019-07-26T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-28T05:44:55.522130"}, "descriptions": [{"lang": "en", "value": "initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "[tomee-dev] 20190830 Re: Quartz CVE-2019-13990", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190830 Quartz CVE-2019-13990", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190908 Re: Quartz CVE-2019-13990", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-commits] 20190908 svn commit: r1866633 - /tomee/deps/trunk/quartz-openejb-shade/pom.xml", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190923 Re: [VOTE] Release quartz-openejb-shade 2.2.4", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"url": "https://github.com/quartz-scheduler/quartz/issues/467"}, {"name": "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E"}, {"name": "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E"}, {"name": "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", "tags": ["mailing-list"], "url": "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"url": "https://security.netapp.com/advisory/ntap-20221028-0002/"}, {"url": "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:05:44.151Z"}, "title": "CVE Program Container", "references": [{"name": "[tomee-dev] 20190830 Re: Quartz CVE-2019-13990", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190830 Quartz CVE-2019-13990", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190908 Re: Quartz CVE-2019-13990", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E"}, {"name": "[tomee-commits] 20190908 svn commit: r1866633 - /tomee/deps/trunk/quartz-openejb-shade/pom.xml", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E"}, {"name": "[tomee-dev] 20190923 Re: [VOTE] Release quartz-openejb-shade 2.2.4", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["x_transferred"]}, {"url": "https://github.com/quartz-scheduler/quartz/issues/467", "tags": ["x_transferred"]}, {"name": "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E"}, {"name": "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E"}, {"name": "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20221028-0002/", "tags": ["x_transferred"]}, {"url": "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-611", "lang": "en", "description": "CWE-611 Improper Restriction of XML External Entity Reference"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-10-15T17:36:32.053865Z", "id": "CVE-2019-13990", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T18:22:20.316Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190830 Re: Quartz CVE-2019-13990", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190830 Quartz CVE-2019-13990", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190908 Re: Quartz CVE-2019-13990", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E", "name": "[tomee-commits] 20190908 svn commit: r1866633 - /tomee/deps/trunk/quartz-openejb-shade/pom.xml", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190923 Re: [VOTE] Release quartz-openejb-shade 2.2.4", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html", "tags": ["x_transferred"]}, {"url": "https://github.com/quartz-scheduler/quartz/issues/467", "tags": ["x_transferred"]}, {"url": "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E", "name": "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E", "name": "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E", "name": "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html", "tags": ["x_transferred"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20221028-0002/", "tags": ["x_transferred"]}, {"url": "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:05:44.151Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2019-13990", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-15T17:36:32.053865Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-611", "description": "CWE-611 Improper Restriction of XML External Entity Reference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T18:22:14.447Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190830 Re: Quartz CVE-2019-13990", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190830 Quartz CVE-2019-13990", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190908 Re: Quartz CVE-2019-13990", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E", "name": "[tomee-commits] 20190908 svn commit: r1866633 - /tomee/deps/trunk/quartz-openejb-shade/pom.xml", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E", "name": "[tomee-dev] 20190923 Re: [VOTE] Release quartz-openejb-shade 2.2.4", "tags": ["mailing-list"]}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"url": "https://github.com/quartz-scheduler/quartz/issues/467"}, {"url": "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E", "name": "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E", "name": "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", "tags": ["mailing-list"]}, {"url": "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E", "name": "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990", "tags": ["mailing-list"]}, {"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"url": "https://security.netapp.com/advisory/ntap-20221028-0002/"}, {"url": "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html"}], "descriptions": [{"lang": "en", "value": "initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-28T05:44:55.522130"}}}, "cveMetadata": {"cveId": "CVE-2019-13990", "state": "PUBLISHED", "dateUpdated": "2024-10-15T18:22:20.316Z", "dateReserved": "2019-07-19T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2019-07-26T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:softwareag:quartz:*:*:*:*:*:*:*:*", "matchCriteriaId": "45E3B3FD-2210-4419-86E7-0365320383F7", "versionEndExcluding": "2.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:apache_batik_mapviewer:12.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "03B8033B-C2A4-47A2-88F0-ED2BF8962518", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:apache_batik_mapviewer:18c:*:*:*:*:*:*:*", "matchCriteriaId": "4B1124B6-CECC-4D4D-A8D5-F05928A545AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:apache_batik_mapviewer:19c:*:*:*:*:*:*:*", "matchCriteriaId": "3BE19D2D-0789-4925-BC87-DC3A4C063FBF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "7AB8ABFD-C72C-4CBB-8872-9440A19154D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3054FEBB-484B-4927-9D1C-2024772E8B3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AED3C78-7D65-4F02-820D-B51BCE4022F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "557A23A1-4762-4D29-A478-D1670C1847D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FF46C9A-7768-4E52-A676-BEA6AE766AD4", "versionEndIncluding": "14.4.0", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE48E0FE-5931-441C-B4FF-253BD9C48186", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430", "versionEndIncluding": "8.2.2", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*", "matchCriteriaId": "727DF4F5-3D21-491E-96B9-EC973A6C9C18", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*", "matchCriteriaId": "135D531C-A692-4BE3-AB8C-37BB0D35559A", "versionEndIncluding": "12.6.4", "versionStartIncluding": "12.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "66916DEB-ACE1-44E0-9535-10B3E03347AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "21BE77B2-6368-470E-B9E6-21664D9A818A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "3250073F-325A-4AFC-892F-F2005E3854A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A69266D2-72D0-4A6C-883D-2597FE30931B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "524429D6-8AF1-4713-A9B8-678B50A3762F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "06E586B3-3434-4B08-8BE3-16C528642CA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:google_guava_mapviewer:12.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0CCA59D2-2853-44F3-9C5C-CC59B49A6B69", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:google_guava_mapviewer:18c:*:*:*:*:*:*:*", "matchCriteriaId": "779EB0EC-2905-48BC-B375-E6E78B26A169", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:google_guava_mapviewer:19c:*:*:*:*:*:*:*", "matchCriteriaId": "E19C4DBE-2889-4C13-A0E9-30D0CD1BF714", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "DED59B62-C9BF-4C0E-B351-3884E8441655", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2A0A4A6-70D3-418B-80EA-04718C50C500", "versionEndIncluding": "9.2.5.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*", "matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_order_broker:19.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFB0BB58-04D3-409D-AECC-9633782F0E75", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*", "matchCriteriaId": "27C26705-6D1F-4D5E-B64D-B479108154FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:terracotta_quartz_scheduler_mapviewer:12.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7E75624C-68FA-465C-86B3-BCFB649C4782", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:terracotta_quartz_scheduler_mapviewer:18c:*:*:*:*:*:*:*", "matchCriteriaId": "6B7DF2FA-F290-40F7-ABD1-AB50EEBC83B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:terracotta_quartz_scheduler_mapviewer:19c:*:*:*:*:*:*:*", "matchCriteriaId": "E4D4E5C1-D4A6-464D-9DF3-A9DDD1912FBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "174A6D2E-E42E-4C92-A194-C6A820CD7EF4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomee:7.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "E74771B8-99DA-434F-ADCF-258838674E18", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.0:*:*:*:data_center:*:*:*", "matchCriteriaId": "E70C8416-E4F6-44BC-BDF9-BB1BAE7E185F", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.0:*:*:*:server:*:*:*", "matchCriteriaId": "1363F683-E350-4639-A973-A82BDD83A3A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.1:*:*:*:data_center:*:*:*", "matchCriteriaId": "7BAB5016-8439-4E01-8911-8B472EF38E13", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.1:*:*:*:server:*:*:*", "matchCriteriaId": "F8EF8DCE-7266-49B1-AE2E-96079A2AD6E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.2:*:*:*:data_center:*:*:*", "matchCriteriaId": "029B8E7F-65EF-4984-A27B-8198D8EB18DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.2:*:*:*:server:*:*:*", "matchCriteriaId": "55C7B96B-2A2F-47F9-BBBD-0E25F8AF8F02", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.3:*:*:*:data_center:*:*:*", "matchCriteriaId": "160B6A9E-41DC-4999-B3CC-A16B3A16D2A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.3:*:*:*:server:*:*:*", "matchCriteriaId": "FC59154D-036C-4F22-B5F1-891527A3EC6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.4:*:*:*:data_center:*:*:*", "matchCriteriaId": "6AD2CA00-9D6C-4DAC-90E6-BE1D93555C11", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.4:*:*:*:server:*:*:*", "matchCriteriaId": "2FDF2DF4-B0EE-4179-AF98-B21EBB2E1D6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.5:*:*:*:data_center:*:*:*", "matchCriteriaId": "AF85E227-F167-4CCB-A039-D96CC080B032", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.5:*:*:*:server:*:*:*", "matchCriteriaId": "EDA3B2B5-C9EA-4D26-AEF4-F86792FB9ADC", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.6:*:*:*:data_center:*:*:*", "matchCriteriaId": "93DDAE6E-DB31-429A-B4EB-955E080A4545", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.6:*:*:*:server:*:*:*", "matchCriteriaId": "DF994E6C-6262-4230-BBC6-E464EBC1B0F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.7:*:*:*:data_center:*:*:*", "matchCriteriaId": "25DA87CA-362C-4558-AA42-265DA1F8C26D", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.7:*:*:*:server:*:*:*", "matchCriteriaId": "EF410408-CD38-408A-97C4-1103EF8AF68D", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.8:*:*:*:data_center:*:*:*", "matchCriteriaId": "037D6CB0-959B-468E-87DD-8B1110A14ED0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.8:*:*:*:server:*:*:*", "matchCriteriaId": "1B885DB6-2DEA-4EB4-97BC-2BF30BC45544", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.9:*:*:*:data_center:*:*:*", "matchCriteriaId": "C83E3571-CD54-40A2-AAC0-20F67954642B", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.9:*:*:*:server:*:*:*", "matchCriteriaId": "B69320FF-4E93-475C-B995-85CF1A03DBDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.10:*:*:*:data_center:*:*:*", "matchCriteriaId": "FD430022-C74D-4340-88F9-21AB69485966", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.10:*:*:*:server:*:*:*", "matchCriteriaId": "549E2860-25D9-468C-891D-AD9BEADA08B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.11:*:*:*:data_center:*:*:*", "matchCriteriaId": "5C03D422-521C-48B2-B293-247232D1ED3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.11:*:*:*:server:*:*:*", "matchCriteriaId": "2B0DBCC1-2D1F-4DB3-A693-DA0FA18B9A5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.12:*:*:*:data_center:*:*:*", "matchCriteriaId": "34515441-AE13-4492-A08E-6521D840F689", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.12:*:*:*:server:*:*:*", "matchCriteriaId": "6FABE527-FED5-4BA3-ABF0-C89AD1228ED2", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.13:*:*:*:data_center:*:*:*", "matchCriteriaId": "6BE5E85B-7725-4DB9-8357-9097F777705D", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.13:*:*:*:server:*:*:*", "matchCriteriaId": "910A2B29-3502-499B-892F-F6AD473CA6F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.14:*:*:*:data_center:*:*:*", "matchCriteriaId": "2BAB1FDD-C213-48CB-B28B-802F0D1278A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.14:*:*:*:server:*:*:*", "matchCriteriaId": "59D09ED0-E31D-4C6B-A217-A3C58C209782", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.15:*:*:*:data_center:*:*:*", "matchCriteriaId": "746CCD4F-5411-4249-8A71-A47AD598498A", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.15:*:*:*:server:*:*:*", "matchCriteriaId": "A055705E-4F63-4EB9-BABC-8888041D1E1F", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.16:*:*:*:data_center:*:*:*", "matchCriteriaId": "AFA32156-893E-44A7-9F18-73586F2E21AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.16:*:*:*:server:*:*:*", "matchCriteriaId": "631D10DC-9F03-4BEE-98DD-0759746825A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.17:*:*:*:data_center:*:*:*", "matchCriteriaId": "AFAC053F-3A53-4AD8-9393-49A837A38A8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.17:*:*:*:server:*:*:*", "matchCriteriaId": "FE355EB5-A0C4-471C-8E47-1898746D89C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.18:*:*:*:data_center:*:*:*", "matchCriteriaId": "CC230B1E-AA5E-4E76-92E5-41130C56DD34", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.18:*:*:*:server:*:*:*", "matchCriteriaId": "B764FD56-DBFF-46EE-9108-CF88591DC7A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.19:*:*:*:data_center:*:*:*", "matchCriteriaId": "3F369AD5-25DB-43E4-ADB5-22A774FC6F91", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.19:*:*:*:server:*:*:*", "matchCriteriaId": "454804E1-9C4C-41AA-ACB4-0150BB39669C", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.20:*:*:*:data_center:*:*:*", "matchCriteriaId": "79A73328-B3BF-4682-9B60-12A4039F9D1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.20:*:*:*:server:*:*:*", "matchCriteriaId": "2A75238E-A82C-4BE9-8300-2BE8B40C31CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.21:*:*:*:data_center:*:*:*", "matchCriteriaId": "1E7B8908-7F72-495B-B562-81E789643A60", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.21:*:*:*:server:*:*:*", "matchCriteriaId": "55A04426-7D52-4F90-9623-109F201223AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.22:*:*:*:data_center:*:*:*", "matchCriteriaId": "2CC10DC7-1B0B-41E6-B903-DC7E59F68517", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.22:*:*:*:server:*:*:*", "matchCriteriaId": "E7A19BC6-3F2B-4248-8255-BBA729F941C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.23:*:*:*:data_center:*:*:*", "matchCriteriaId": "DC4936AD-0B95-4687-B0A8-290E76D3ED7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.23:*:*:*:server:*:*:*", "matchCriteriaId": "33A3BC88-F6CC-4CDD-8842-2DC5C4706AC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.24:*:*:*:data_center:*:*:*", "matchCriteriaId": "AE05DF9B-2F49-45E9-AB47-A5FA18B6847E", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.24:*:*:*:server:*:*:*", "matchCriteriaId": "29F7D306-FC7F-4748-BC1D-6280654B8409", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.25:*:*:*:data_center:*:*:*", "matchCriteriaId": "C82EA42D-1583-4B6D-840E-69B804BD2902", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.25:*:*:*:server:*:*:*", "matchCriteriaId": "22D1EEB6-D4D1-46FC-BB60-CF33EE970E43", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.21.0:*:*:*:data_center:*:*:*", "matchCriteriaId": "F1992CBB-135C-4CD7-8D9B-037EEE0530BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.21.0:*:*:*:server:*:*:*", "matchCriteriaId": "D8232A74-B1DA-48DD-9DF1-4D04F6091BE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.21.1:*:*:*:data_center:*:*:*", "matchCriteriaId": "F81B63AA-1086-448A-8D60-F5CF41BB1226", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.21.1:*:*:*:server:*:*:*", "matchCriteriaId": "2B8BBC24-532A-46AB-9D7D-241C43082E95", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.0:*:*:*:data_center:*:*:*", "matchCriteriaId": "F629DC1E-E044-4D84-8D60-B4E6C139EE98", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.0:*:*:*:server:*:*:*", "matchCriteriaId": "4BDBC59C-C5C7-4848-8CCA-D4DF0354BFCA", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.1:*:*:*:data_center:*:*:*", "matchCriteriaId": "D2E75D91-EC8E-4BAC-B989-403120F84BAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.1:*:*:*:server:*:*:*", "matchCriteriaId": "FEA2A29A-D2AA-4688-888D-02923EEBFF4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.2:*:*:*:data_center:*:*:*", "matchCriteriaId": "93EEA37B-7E96-455D-9131-2CDB77889080", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.2:*:*:*:server:*:*:*", "matchCriteriaId": "71D2DC08-B93D-474B-9332-793A47E0A792", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.3:*:*:*:data_center:*:*:*", "matchCriteriaId": "9263586C-D6A5-48F4-8F36-F672377AAFAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.3:*:*:*:server:*:*:*", "matchCriteriaId": "01F142BF-C557-4D27-A263-0A77D3FBAA27", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.4:*:*:*:data_center:*:*:*", "matchCriteriaId": "BC250698-AA6D-46FC-923D-9A3EB0742697", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.4:*:*:*:server:*:*:*", "matchCriteriaId": "755B605C-E032-435B-90C3-FEB1EEBD43E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.6:*:*:*:data_center:*:*:*", "matchCriteriaId": "728DE946-60C8-433A-807B-45720C668B37", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.6:*:*:*:server:*:*:*", "matchCriteriaId": "F24C4029-A2D5-4B95-AE2B-10B035B28420", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.0.0:*:*:*:data_center:*:*:*", "matchCriteriaId": "52672DE1-9B0D-4689-93AD-FF4B8A59E5EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.0.0:*:*:*:server:*:*:*", "matchCriteriaId": "D802B4FE-F56F-46C4-A84B-EB89931EC16E", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.1.0:*:*:*:data_center:*:*:*", "matchCriteriaId": "17E30F04-14EF-4F4D-8124-D0DD04E9EDF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.1.0:*:*:*:server:*:*:*", "matchCriteriaId": "538503C1-F947-4BCF-836F-A609A601E064", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.1.1:*:*:*:data_center:*:*:*", "matchCriteriaId": "07105957-FEBE-4E02-88FB-A8DDAE67E8A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.1.1:*:*:*:server:*:*:*", "matchCriteriaId": "E40B10B9-F8C3-4279-A9AC-2E25AEF46D7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.2.0:*:*:*:data_center:*:*:*", "matchCriteriaId": "C7D685CD-9CAD-42B5-B721-26203854F396", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.2.0:*:*:*:server:*:*:*", "matchCriteriaId": "269B2F72-56A3-4750-8665-7DE03DAE3DAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.2.1:*:*:*:data_center:*:*:*", "matchCriteriaId": "C600291E-2EDC-4F61-9FC1-C2C34C20EA4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.2.1:*:*:*:server:*:*:*", "matchCriteriaId": "C8D33E70-8A27-46A2-BB14-87181F8DA0F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.0:*:*:*:data_center:*:*:*", "matchCriteriaId": "F09CAEB7-4C1F-4B5B-9921-6DD06FF9EB9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.0:*:*:*:server:*:*:*", "matchCriteriaId": "7E9F4E2A-E450-496C-B3E8-B0817BAD8817", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.1:*:*:*:data_center:*:*:*", "matchCriteriaId": "964CB4B7-1502-4E92-B7D2-D864C13E338B", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.1:*:*:*:server:*:*:*", "matchCriteriaId": "A9EFBC53-7C0B-408E-A745-0C83E9E38DAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.2:*:*:*:data_center:*:*:*", "matchCriteriaId": "18A70517-84A8-4866-9FE8-06D0608391E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.2:*:*:*:server:*:*:*", "matchCriteriaId": "E504A879-B312-4E8F-ADF9-8C1623B023AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.3:*:*:*:data_center:*:*:*", "matchCriteriaId": "9EE1449F-6F38-4677-9DB9-AF2D9A7C2AE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.3:*:*:*:server:*:*:*", "matchCriteriaId": "2BC5B994-25C4-4C00-8871-F3664878C83B", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.0:*:*:*:data_center:*:*:*", "matchCriteriaId": "4484C6ED-659F-47F5-BFE2-7E9794FA51C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.0:*:*:*:server:*:*:*", "matchCriteriaId": "F4449121-125E-49D9-BF3E-2A6EA169B796", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.1:*:*:*:data_center:*:*:*", "matchCriteriaId": "C940817F-B265-4F42-AE19-DA2B49AC1D53", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.1:*:*:*:server:*:*:*", "matchCriteriaId": "099869F1-BC95-4828-A0F5-9BBADDC3F6F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.2:*:*:*:data_center:*:*:*", "matchCriteriaId": "601B5811-B1B8-4FF0-984B-62F07366615A", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.2:*:*:*:server:*:*:*", "matchCriteriaId": "0D82DFCD-964E-406E-8329-E31A76FCFC64", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.3:*:*:*:data_center:*:*:*", "matchCriteriaId": "ED8B7E12-9139-4BCB-9A5A-C8B23A6F8628", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.3:*:*:*:server:*:*:*", "matchCriteriaId": "08F237B7-4C22-4A35-BC82-6B6E892B7EB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.4:*:*:*:data_center:*:*:*", "matchCriteriaId": "0EC83F47-180C-481B-88A8-0E3C6654774C", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.4:*:*:*:server:*:*:*", "matchCriteriaId": "2A3EA15F-DEBB-44A2-8CEA-B137AE8089CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.5:*:*:*:data_center:*:*:*", "matchCriteriaId": "428B70AC-35A2-4D4F-9670-43B601426DD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.5:*:*:*:server:*:*:*", "matchCriteriaId": "6314E670-88E8-4B09-9AF4-95E669A68A5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.6:*:*:*:data_center:*:*:*", "matchCriteriaId": "4486E929-E1A8-4731-BE7E-A8BCCE594ADA", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.6:*:*:*:server:*:*:*", "matchCriteriaId": "D24437F8-2B3A-4A0D-8C6C-A8B9E90457DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.7:*:*:*:data_center:*:*:*", "matchCriteriaId": "06843035-CE98-48C8-BCB1-02976D233077", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.7:*:*:*:server:*:*:*", "matchCriteriaId": "B98060AC-32A2-4F5A-A490-3E23F883D5A7", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.8:*:*:*:data_center:*:*:*", "matchCriteriaId": "9681965F-AD13-420C-8845-A544520042DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.8:*:*:*:server:*:*:*", "matchCriteriaId": "C9D2A5F2-F91C-4DA3-9EB6-441D17A6AB9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.9:*:*:*:data_center:*:*:*", "matchCriteriaId": "6F3F93E1-8BB2-40BD-B4A9-D4136B742F82", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.9:*:*:*:server:*:*:*", "matchCriteriaId": "549B3ADB-BAEF-4E45-856C-4B07F9FBB12A", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.5.1:*:*:*:data_center:*:*:*", "matchCriteriaId": "941AD6CA-3F4E-43E5-AA68-95AB7C84F297", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.5.1:*:*:*:server:*:*:*", "matchCriteriaId": "4630E46A-817F-4238-989F-93C633A10058", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.6.0:*:*:*:data_center:*:*:*", "matchCriteriaId": "25D8E4A5-2AB6-42D4-B6D4-54484149BE75", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.6.0:*:*:*:server:*:*:*", "matchCriteriaId": "9BA9FF1F-8F8C-47DD-9E7B-8B48FB453A83", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.7.0:*:*:*:data_center:*:*:*", "matchCriteriaId": "D28343BD-5440-425E-AFEB-FC79EFB3C531", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.7.0:*:*:*:server:*:*:*", "matchCriteriaId": "F29E98F7-4768-48C8-9D1C-448006DF0FFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.7.1:*:*:*:data_center:*:*:*", "matchCriteriaId": "E8B3B4C6-4E76-4184-BE92-A6EF2B4CB8D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.7.1:*:*:*:server:*:*:*", "matchCriteriaId": "1320F61E-A562-438E-A19D-90C816920B63", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.8.0:*:*:*:data_center:*:*:*", "matchCriteriaId": "35D28C45-8C74-4131-A2C5-1F1CE009BDED", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.8.0:*:*:*:server:*:*:*", "matchCriteriaId": "64D7B52D-46CA-4769-9631-9E3E45927003", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.8.1:*:*:*:data_center:*:*:*", "matchCriteriaId": "027F98AD-B508-4079-A1BD-EFDBDBA78331", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.8.1:*:*:*:server:*:*:*", "matchCriteriaId": "D80A8C83-C8B1-4ADF-B45B-550E6BA45AEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.9.0:*:*:*:data_center:*:*:*", "matchCriteriaId": "54EB831D-3D4C-4807-AF42-DFF7D9176773", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.9.0:*:*:*:server:*:*:*", "matchCriteriaId": "031A34D6-C522-4301-BE02-83D3BADC8C7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.10.0:*:*:*:data_center:*:*:*", "matchCriteriaId": "109D37D3-3FC7-4443-974A-7D668ABE97D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:atlassian:jira_service_management:5.10.0:*:*:*:server:*:*:*", "matchCriteriaId": "30D20E35-0BAC-4D43-A619-10B6A4572CBB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description."}, {"lang": "es", "value": "La funci\u00f3n initDocumentParser en el archivo xml/XMLSchedulingDataProcessor.java en Quartz Scheduler de Terracotta hasta la versi\u00f3n 2.3.0, permite ataques de tipo XXE por medio de una descripci\u00f3n del trabajo."}], "id": "CVE-2019-13990", "lastModified": "2024-11-21T04:25:50.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2019-07-26T19:15:11.730", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/quartz-scheduler/quartz/issues/467"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221028-0002/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/quartz-scheduler/quartz/issues/467"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221028-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com//security-alerts/cpujul2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujul2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-611"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2020:3196", "cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7.8", "impact": "moderate", "package": "quartz", "product_name": "Red Hat Decision Manager 7", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:5568", "cpe": "cpe:/a:redhat:jboss_fuse:7", "impact": "low", "package": "quartz", "product_name": "Red Hat Fuse 7.8.0", "release_date": "2020-12-16T00:00:00Z"}, {"advisory": "RHSA-2020:3197", "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.8", "impact": "moderate", "package": "quartz", "product_name": "Red Hat Process Automation 7", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3247", "cpe": "cpe:/a:redhat:rhev_manager:4.4:el8", "impact": "moderate", "package": "rhvm-dependencies-0:4.4.0-1.el8ev", "product_name": "Red Hat Virtualization Engine 4.4", "release_date": "2020-08-04T00:00:00Z"}], "bugzilla": {"description": "libquartz: XXE attacks via job description", "id": "1801149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801149"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-611", "details": ["initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.", "The Terracotta Quartz Scheduler is susceptible to an XML external entity attack (XXE) through a job description. This issue stems from inadequate handling of XML external entity (XXE) declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to access a maliciously crafted job description (containing XML content), a remote attacker could exploit this vulnerability to execute an XXE attack on the targeted system."], "name": "CVE-2019-13990", "package_state": [{"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "quartz", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Out of support scope", "impact": "moderate", "package_name": "quartz", "product_name": "Red Hat Satellite 5"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Fix deferred", "impact": "low", "package_name": "quartz", "product_name": "Red Hat Satellite 6"}], "public_date": "2019-07-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-13990\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-13990"], "statement": "Red Hat Satellite 6 uses a vulnerable version of libquartz as a dependency for Candlepin. However, the <job><descrition> entry is not used, and the vulnerability can not be triggered. An update may fix the code in the future.", "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object