softwareag quartz CVE-2019-13990 vulnerability in Softwareag and Other Products
Published on July 26, 2019

product logo product logo product logo product logo product logo
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

NVD

Vulnerability Analysis

CVE-2019-13990 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a XXE Vulnerability?

The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

CVE-2019-13990 has been classified to as a XXE vulnerability or weakness.


Products Associated with CVE-2019-13990

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-13990 are published in these products:

Softwareag Quartz
 
Oracle Apache Batik Mapviewer
 
Oracle Banking Enterprise Originations
 
Oracle Banking Enterprise Product Manufacturing
 
Oracle Banking Payments
 
Oracle Communications Ip Service Activator
 
Oracle Communications Session Route Manager
 
Oracle Customer Management Segmentation Foundation
 
Oracle Documaker
 
Oracle Enterprise Manager Base Platform
 
Oracle Enterprise Manager Ops Center
 
Oracle Flexcube Investor Servicing
 
Oracle Flexcube Private Banking
 
Oracle Fusion Middleware Mapviewer
 
Oracle Google Guava Mapviewer
 
Oracle Hyperion Infrastructure Technology
 
Oracle Jd Edwards Enterpriseone Orchestrator
 
Oracle Primavera Unifier
 
Oracle Retail Back Office
 
Oracle Retail Central Office
 
Oracle Retail Integration Bus
 
Oracle Retail Order Broker
 
Oracle Retail Point Of Service
 
Oracle Retail Returns Management
 
Oracle Retail Xstore Point Of Service
 
Oracle Terracotta Quartz Scheduler Mapviewer
 
Oracle Webcenter Sites
 
Apache Tomee
 
NetApp Active Iq Unified Manager
 
NetApp Cloud Secure Agent
 
Atlassian Jira
 

Exploit Probability

EPSS
7.95%
Percentile
91.74%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.