cbcvebase.

Sos-Berlin Jobscheduler vulnerabilities

5 known vulnerabilities affecting sos-berlin/jobscheduler.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2020-12712P3HIGHCVSS 7.5PoC≥ 1.12.0, ≤ 1.12.12≥ 1.13.0, ≤ 1.13.32020-06-11
CVE-2020-12712 [HIGH] CWE-330 CVE-2020-12712: A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile.
nvd
CVE-2020-6856P3MEDIUMCVSS 6.5v1.11v1.13.22020-02-06
CVE-2020-6856 [MEDIUM] CWE-776 CVE-2020-6856: An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1 An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders.
nvd
CVE-2020-6855P4MEDIUMCVSS 6.5v1.11v1.13.22020-02-06
CVE-2020-6855 [MEDIUM] CWE-835 CVE-2020-6855: A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.1 A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources and results in a denial of service.
nvd
CVE-2023-37272P4MEDIUMCVSS 5.4fixed in 1.13.192023-07-13
CVE-2023-37272 [MEDIUM] CWE-79 CVE-2023-37272: JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-gene JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch 1.13 of JobScheduler (JS1). The vulnerability does not af
nvd
CVE-2020-6854P4MEDIUMCVSS 5.4v1.11v1.13.22020-02-05
CVE-2020-6854 [MEDIUM] CWE-79 CVE-2020-6854: A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API.
nvd
Sos-Berlin Jobscheduler vulnerabilities | cvebase