Vulnerabilities > SOS Berlin > Jobscheduler > 1.11

DATE CVE VULNERABILITY TITLE RISK
2020-02-06 CVE-2020-6856 XML Entity Expansion vulnerability in Sos-Berlin Jobscheduler 1.11/1.13.2
An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders.
network
low complexity
sos-berlin CWE-776
4.0
4.0
2020-02-06 CVE-2020-6855 Infinite Loop vulnerability in Sos-Berlin Jobscheduler 1.11/1.13.2
A large or infinite loop vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to parameterize housekeeping jobs in a way that exhausts system resources and results in a denial of service.
network
low complexity
sos-berlin CWE-835
6.8
6.8
2020-02-05 CVE-2020-6854 Cross-site Scripting vulnerability in Sos-Berlin Jobscheduler 1.11/1.13.2
A cross-site scripting (XSS) vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API.
network
sos-berlin CWE-79
3.5
3.5