Vulnerabilities (CVE)

Filtered by vendor Softwareag Subscribe
Filtered by product Quartz
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-39017 1 Softwareag 1 Quartz 2024-11-21 N/A 9.8 CRITICAL
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.
CVE-2019-13990 5 Apache, Atlassian, Netapp and 2 more 31 Tomee, Jira Service Management, Active Iq Unified Manager and 28 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.