Vulnerabilities > Softwareag > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-06 | CVE-2023-0925 | Deserialization of Untrusted Data vulnerability in Softwareag Webmethods 10.11: Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation (RMI) registry which allows for remotely loading and processing data via RMI interfaces. | 9.8 |
2023-07-28 | CVE-2023-39017 | Code Injection vulnerability in Softwareag Quartz: quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. | 9.8 |
2022-04-05 | CVE-2021-33207 | Deserialization of Untrusted Data vulnerability in Softwareag Mashzone Nextgen 10.7: The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code. | 9.8 |
2020-12-16 | CVE-2020-35469 | Missing Authentication for Critical Function vulnerability in Softwareag Terracotta Server OSS 5.4.1: The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. | 9.8 |
2019-07-26 | CVE-2019-13990 | XXE vulnerability in multiple products: initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. | 9.8 |