initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
22 Dec 2023, 16:35
Type | Values Removed | Values Added |
---|---|---|
First Time |
Atlassian
Atlassian jira Service Management |
|
CPE | cpe:2.3:a:atlassian:jira_service_management:5.4.6:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.22.2:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.9:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.1:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.5:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.3.3:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.21.0:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.21:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.1:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.1:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.19:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.18:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.7.0:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.5.1:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.1.0:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.14:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.0:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.6:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.24:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.23:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.3.2:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.22.4:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.2.0:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.3:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.9:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.8:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.0:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.4:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.21:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.9:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.7:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.24:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.22.4:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.3.0:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.16:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.3:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.22.6:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.3.1:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.21.1:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.22.1:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.1:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.0.0:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.8.0:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.18:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.17:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.2.1:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.22.0:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.2.1:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.7:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.10.0:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.8:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.3:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.5:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.5.1:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.9:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.9.0:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.16:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.19:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.13:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.9.0:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.10:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.23:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.3.1:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.22.3:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.0.0:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.3.2:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.5:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.7.1:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.11:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.10:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.6:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.0:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.2.0:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.4:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.20:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.4:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.15:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.13:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.12:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.1.0:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.22:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.8:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.8:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.2:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.0:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.8.0:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.22.3:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.1.1:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.7.0:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.22.2:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.10.0:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.7:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.4:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.2:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.6.0:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.20:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.12:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.6.0:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.22:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.8.1:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.22.0:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.7:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.3.3:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.6:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.7.1:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.2:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.5:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.21.0:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.14:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.17:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.15:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.2:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.11:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.8.1:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.22.6:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.21.1:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.4.3:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.1.1:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:5.3.0:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.25:*:*:*:data_center:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.20.25:*:*:*:server:*:*:* cpe:2.3:a:atlassian:jira_service_management:4.22.1:*:*:*:data_center:*:*:* |
|
References | () https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E - Issue Tracking | |
References | () https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E - Issue Tracking | |
References | () https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E - Issue Tracking | |
References | () https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E - Third Party Advisory | |
References | (MISC) https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html - Third Party Advisory | |
References | () https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E - Patch | |
References | () https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E - Patch | |
References | () https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E - Issue Tracking | |
References | () https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E - Issue Tracking |
07 Nov 2023, 03:04
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
28 Oct 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-07-26 19:15
Updated : 2024-10-15 19:35
NVD link : CVE-2019-13990
Mitre link : CVE-2019-13990
CVE.ORG link : CVE-2019-13990
JSON object : View
Products Affected
softwareag
- quartz
oracle
- webcenter_sites
- terracotta_quartz_scheduler_mapviewer
- documaker
- flexcube_investor_servicing
- flexcube_private_banking
- retail_order_broker
- enterprise_manager_base_platform
- retail_returns_management
- retail_xstore_point_of_service
- retail_back_office
- google_guava_mapviewer
- hyperion_infrastructure_technology
- communications_session_route_manager
- apache_batik_mapviewer
- banking_payments
- communications_ip_service_activator
- banking_enterprise_product_manufacturing
- retail_integration_bus
- banking_enterprise_originations
- customer_management_and_segmentation_foundation
- primavera_unifier
- enterprise_manager_ops_center
- retail_central_office
- jd_edwards_enterpriseone_orchestrator
- fusion_middleware_mapviewer
- retail_point-of-service
atlassian
- jira_service_management
netapp
- active_iq_unified_manager
- cloud_secure_agent
apache
- tomee
CWE
CWE-611
Improper Restriction of XML External Entity Reference