initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApache Tomee
APPApache7.1.3Atlassian Jira Service Management
APPAtlassian4.20.04.20.14.20.104.20.114.20.124.20.134.20.144.20.154.20.164.20.174.20.184.20.194.20.24.20.204.20.21+ 29 więcejNetapp Active Iq Unified Manager
APPNetappwszystkie wersjeNetapp Cloud Secure Agent
APPNetappwszystkie wersjeOracle Apache Batik Mapviewer
APPOracle12.2.0.118c19cOracle Banking Enterprise Originations
APPOracle2.7.02.8.0Oracle Banking Enterprise Product Manufacturing
APPOracle2.7.02.8.0Oracle Banking Payments
APPOracle14.1.0 – 14.4.0Oracle Communications Ip Service Activator
APPOracle7.3.07.4.0Oracle Communications Session Route Manager
APPOracle8.2.0 – 8.2.2Oracle Customer Management And Segmentation Foundation
APPOracle18.0Oracle Documaker
APPOracle12.6.0 – 12.6.4Oracle Enterprise Manager Base Platform
APPOracle13.2.1.0Oracle Enterprise Manager Ops Center
APPOracle12.4.0.0Oracle Flexcube Investor Servicing
APPOracle12.1.012.3.012.4.014.1.014.4.0Oracle Flexcube Private Banking
APPOracle12.0.012.1.0Oracle Fusion Middleware Mapviewer
APPOracle12.2.1.3.0Oracle Google Guava Mapviewer
APPOracle12.2.0.118c19cOracle Hyperion Infrastructure Technology
APPOracle11.1.2.4Oracle Jd Edwards Enterpriseone Orchestrator
APPOracle≤ 9.2.5.3Oracle Primavera Unifier
APPOracle16.116.218.817.7 – 17.12Oracle Retail Back Office
APPOracle14.1Oracle Retail Central Office
APPOracle14.1Oracle Retail Integration Bus
APPOracle15.016.0Oracle Retail Order Broker
APPOracle15.016.018.019.0Oracle Retail Point Of Service
APPOracle14.1Oracle Retail Returns Management
APPOracle14.1Oracle Retail Xstore Point Of Service
APPOracle15.016.017.018.019.0Oracle Terracotta Quartz Scheduler Mapviewer
APPOracle12.2.0.118c19cOracle Webcenter Sites
APPOracle12.2.1.3.012.2.1.4.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
XXE
Referencje
Powiązane podatności
CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...
CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...
CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
CVE-2026-46832CRITICAL9.9ten sam produkt
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...