← Back to CVEs
CVE-2020-6856
MEDIUM6.5
Description
An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders.
CVE Details
CVSS v3.1 Score6.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published2/6/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
sos-berlin:jobscheduler
Weaknesses (CWE)
CWE-776
References
https://change.sos-berlin.com/browse/JOC-853(cve@mitre.org)
https://change.sos-berlin.com/browse/JOC-853(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.