Filtered by vendor Sos-berlin
Subscribe
Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12712 | 1 Sos-berlin | 1 Jobscheduler | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile. | |||||
CVE-2020-6854 | 1 Sos-berlin | 1 Jobscheduler | 2020-02-07 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API. | |||||
CVE-2020-6855 | 1 Sos-berlin | 1 Jobscheduler | 2020-02-07 | 6.8 MEDIUM | 6.5 MEDIUM |
A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources and results in a denial of service. | |||||
CVE-2020-6856 | 1 Sos-berlin | 1 Jobscheduler | 2020-02-07 | 4.0 MEDIUM | 6.5 MEDIUM |
An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders. |