CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2019-13990

CVSS 9.8v3.1pub. 2019-07-26upd. 2024-11-21

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Tomee

    APP
    Apache
    7.1.3
  • Atlassian Jira Service Management

    APP
    Atlassian
    4.20.04.20.14.20.104.20.114.20.124.20.134.20.144.20.154.20.164.20.174.20.184.20.194.20.24.20.204.20.21+ 29 więcej
  • Netapp Active Iq Unified Manager

    APP
    Netapp
    wszystkie wersje
  • Netapp Cloud Secure Agent

    APP
    Netapp
    wszystkie wersje
  • Oracle Apache Batik Mapviewer

    APP
    Oracle
    12.2.0.118c19c
  • Oracle Banking Enterprise Originations

    APP
    Oracle
    2.7.02.8.0
  • Oracle Banking Enterprise Product Manufacturing

    APP
    Oracle
    2.7.02.8.0
  • Oracle Banking Payments

    APP
    Oracle
    14.1.0 – 14.4.0
  • Oracle Communications Ip Service Activator

    APP
    Oracle
    7.3.07.4.0
  • Oracle Communications Session Route Manager

    APP
    Oracle
    8.2.0 – 8.2.2
  • Oracle Customer Management And Segmentation Foundation

    APP
    Oracle
    18.0
  • Oracle Documaker

    APP
    Oracle
    12.6.0 – 12.6.4
  • Oracle Enterprise Manager Base Platform

    APP
    Oracle
    13.2.1.0
  • Oracle Enterprise Manager Ops Center

    APP
    Oracle
    12.4.0.0
  • Oracle Flexcube Investor Servicing

    APP
    Oracle
    12.1.012.3.012.4.014.1.014.4.0
  • Oracle Flexcube Private Banking

    APP
    Oracle
    12.0.012.1.0
  • Oracle Fusion Middleware Mapviewer

    APP
    Oracle
    12.2.1.3.0
  • Oracle Google Guava Mapviewer

    APP
    Oracle
    12.2.0.118c19c
  • Oracle Hyperion Infrastructure Technology

    APP
    Oracle
    11.1.2.4
  • Oracle Jd Edwards Enterpriseone Orchestrator

    APP
    Oracle
    ≤ 9.2.5.3
  • Oracle Primavera Unifier

    APP
    Oracle
    16.116.218.817.7 – 17.12
  • Oracle Retail Back Office

    APP
    Oracle
    14.1
  • Oracle Retail Central Office

    APP
    Oracle
    14.1
  • Oracle Retail Integration Bus

    APP
    Oracle
    15.016.0
  • Oracle Retail Order Broker

    APP
    Oracle
    15.016.018.019.0
  • Oracle Retail Point Of Service

    APP
    Oracle
    14.1
  • Oracle Retail Returns Management

    APP
    Oracle
    14.1
  • Oracle Retail Xstore Point Of Service

    APP
    Oracle
    15.016.017.018.019.0
  • Oracle Terracotta Quartz Scheduler Mapviewer

    APP
    Oracle
    12.2.0.118c19c
  • Oracle Webcenter Sites

    APP
    Oracle
    12.2.1.3.012.2.1.4.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
XXE
CWE
References

Related vulnerabilities

CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2026-46832CRITICAL9.9ten sam produkt

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: ...