All the vulnerabilites related to softwareag - quartz
Vulnerability from fkie_nvd
Published
2023-07-28 15:15
Modified
2024-11-21 08:14
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.
References
cve@mitre.orghttps://github.com/quartz-scheduler/quartz/issues/943Exploit, Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/quartz-scheduler/quartz/issues/943Exploit, Issue Tracking
Impacted products
Vendor Product Version
softwareag quartz *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:softwareag:quartz:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0DFE306-E60E-422A-8019-275E2D8C4509",
              "versionEndIncluding": "2.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto que Quartz-jobs v2.3.2 e inferiores contienen una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en el componente \"org.quartz.jobs.ee.jms.SendQueueMessageJob.execute\". Esta vulnerabilidad se aprovecha pasando un argumento no comprobado. "
    }
  ],
  "id": "CVE-2023-39017",
  "lastModified": "2024-11-21T08:14:37.730",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-28T15:15:13.160",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://github.com/quartz-scheduler/quartz/issues/943"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://github.com/quartz-scheduler/quartz/issues/943"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-07-26 19:15
Modified
2024-11-21 04:25
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
References
cve@mitre.orghttps://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.htmlThird Party Advisory
cve@mitre.orghttps://github.com/quartz-scheduler/quartz/issues/467Issue Tracking, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3EThird Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3EPatch
cve@mitre.orghttps://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3EPatch
cve@mitre.orghttps://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3EIssue Tracking
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20221028-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/quartz-scheduler/quartz/issues/467Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3EThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3EPatch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3EPatch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20221028-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
Impacted products
Vendor Product Version
softwareag quartz *
oracle apache_batik_mapviewer 12.2.0.1
oracle apache_batik_mapviewer 18c
oracle apache_batik_mapviewer 19c
oracle banking_enterprise_originations 2.7.0
oracle banking_enterprise_originations 2.8.0
oracle banking_enterprise_product_manufacturing 2.7.0
oracle banking_enterprise_product_manufacturing 2.8.0
oracle banking_payments *
oracle communications_ip_service_activator 7.3.0
oracle communications_ip_service_activator 7.4.0
oracle communications_session_route_manager *
oracle customer_management_and_segmentation_foundation 18.0
oracle documaker *
oracle enterprise_manager_base_platform 13.2.1.0
oracle enterprise_manager_ops_center 12.4.0.0
oracle flexcube_investor_servicing 12.1.0
oracle flexcube_investor_servicing 12.3.0
oracle flexcube_investor_servicing 12.4.0
oracle flexcube_investor_servicing 14.1.0
oracle flexcube_investor_servicing 14.4.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle fusion_middleware_mapviewer 12.2.1.3.0
oracle google_guava_mapviewer 12.2.0.1
oracle google_guava_mapviewer 18c
oracle google_guava_mapviewer 19c
oracle hyperion_infrastructure_technology 11.1.2.4
oracle jd_edwards_enterpriseone_orchestrator *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle retail_back_office 14.1
oracle retail_central_office 14.1
oracle retail_integration_bus 15.0
oracle retail_integration_bus 16.0
oracle retail_order_broker 15.0
oracle retail_order_broker 16.0
oracle retail_order_broker 18.0
oracle retail_order_broker 19.0
oracle retail_point-of-service 14.1
oracle retail_returns_management 14.1
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle terracotta_quartz_scheduler_mapviewer 12.2.0.1
oracle terracotta_quartz_scheduler_mapviewer 18c
oracle terracotta_quartz_scheduler_mapviewer 19c
oracle webcenter_sites 12.2.1.3.0
oracle webcenter_sites 12.2.1.4.0
apache tomee 7.1.3
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
netapp cloud_secure_agent -
atlassian jira_service_management 4.20.0
atlassian jira_service_management 4.20.0
atlassian jira_service_management 4.20.1
atlassian jira_service_management 4.20.1
atlassian jira_service_management 4.20.2
atlassian jira_service_management 4.20.2
atlassian jira_service_management 4.20.3
atlassian jira_service_management 4.20.3
atlassian jira_service_management 4.20.4
atlassian jira_service_management 4.20.4
atlassian jira_service_management 4.20.5
atlassian jira_service_management 4.20.5
atlassian jira_service_management 4.20.6
atlassian jira_service_management 4.20.6
atlassian jira_service_management 4.20.7
atlassian jira_service_management 4.20.7
atlassian jira_service_management 4.20.8
atlassian jira_service_management 4.20.8
atlassian jira_service_management 4.20.9
atlassian jira_service_management 4.20.9
atlassian jira_service_management 4.20.10
atlassian jira_service_management 4.20.10
atlassian jira_service_management 4.20.11
atlassian jira_service_management 4.20.11
atlassian jira_service_management 4.20.12
atlassian jira_service_management 4.20.12
atlassian jira_service_management 4.20.13
atlassian jira_service_management 4.20.13
atlassian jira_service_management 4.20.14
atlassian jira_service_management 4.20.14
atlassian jira_service_management 4.20.15
atlassian jira_service_management 4.20.15
atlassian jira_service_management 4.20.16
atlassian jira_service_management 4.20.16
atlassian jira_service_management 4.20.17
atlassian jira_service_management 4.20.17
atlassian jira_service_management 4.20.18
atlassian jira_service_management 4.20.18
atlassian jira_service_management 4.20.19
atlassian jira_service_management 4.20.19
atlassian jira_service_management 4.20.20
atlassian jira_service_management 4.20.20
atlassian jira_service_management 4.20.21
atlassian jira_service_management 4.20.21
atlassian jira_service_management 4.20.22
atlassian jira_service_management 4.20.22
atlassian jira_service_management 4.20.23
atlassian jira_service_management 4.20.23
atlassian jira_service_management 4.20.24
atlassian jira_service_management 4.20.24
atlassian jira_service_management 4.20.25
atlassian jira_service_management 4.20.25
atlassian jira_service_management 4.21.0
atlassian jira_service_management 4.21.0
atlassian jira_service_management 4.21.1
atlassian jira_service_management 4.21.1
atlassian jira_service_management 4.22.0
atlassian jira_service_management 4.22.0
atlassian jira_service_management 4.22.1
atlassian jira_service_management 4.22.1
atlassian jira_service_management 4.22.2
atlassian jira_service_management 4.22.2
atlassian jira_service_management 4.22.3
atlassian jira_service_management 4.22.3
atlassian jira_service_management 4.22.4
atlassian jira_service_management 4.22.4
atlassian jira_service_management 4.22.6
atlassian jira_service_management 4.22.6
atlassian jira_service_management 5.0.0
atlassian jira_service_management 5.0.0
atlassian jira_service_management 5.1.0
atlassian jira_service_management 5.1.0
atlassian jira_service_management 5.1.1
atlassian jira_service_management 5.1.1
atlassian jira_service_management 5.2.0
atlassian jira_service_management 5.2.0
atlassian jira_service_management 5.2.1
atlassian jira_service_management 5.2.1
atlassian jira_service_management 5.3.0
atlassian jira_service_management 5.3.0
atlassian jira_service_management 5.3.1
atlassian jira_service_management 5.3.1
atlassian jira_service_management 5.3.2
atlassian jira_service_management 5.3.2
atlassian jira_service_management 5.3.3
atlassian jira_service_management 5.3.3
atlassian jira_service_management 5.4.0
atlassian jira_service_management 5.4.0
atlassian jira_service_management 5.4.1
atlassian jira_service_management 5.4.1
atlassian jira_service_management 5.4.2
atlassian jira_service_management 5.4.2
atlassian jira_service_management 5.4.3
atlassian jira_service_management 5.4.3
atlassian jira_service_management 5.4.4
atlassian jira_service_management 5.4.4
atlassian jira_service_management 5.4.5
atlassian jira_service_management 5.4.5
atlassian jira_service_management 5.4.6
atlassian jira_service_management 5.4.6
atlassian jira_service_management 5.4.7
atlassian jira_service_management 5.4.7
atlassian jira_service_management 5.4.8
atlassian jira_service_management 5.4.8
atlassian jira_service_management 5.4.9
atlassian jira_service_management 5.4.9
atlassian jira_service_management 5.5.1
atlassian jira_service_management 5.5.1
atlassian jira_service_management 5.6.0
atlassian jira_service_management 5.6.0
atlassian jira_service_management 5.7.0
atlassian jira_service_management 5.7.0
atlassian jira_service_management 5.7.1
atlassian jira_service_management 5.7.1
atlassian jira_service_management 5.8.0
atlassian jira_service_management 5.8.0
atlassian jira_service_management 5.8.1
atlassian jira_service_management 5.8.1
atlassian jira_service_management 5.9.0
atlassian jira_service_management 5.9.0
atlassian jira_service_management 5.10.0
atlassian jira_service_management 5.10.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:softwareag:quartz:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E3B3FD-2210-4419-86E7-0365320383F7",
              "versionEndExcluding": "2.3.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:apache_batik_mapviewer:12.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B8033B-C2A4-47A2-88F0-ED2BF8962518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:apache_batik_mapviewer:18c:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B1124B6-CECC-4D4D-A8D5-F05928A545AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:apache_batik_mapviewer:19c:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE19D2D-0789-4925-BC87-DC3A4C063FBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AB8ABFD-C72C-4CBB-8872-9440A19154D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3054FEBB-484B-4927-9D1C-2024772E8B3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AED3C78-7D65-4F02-820D-B51BCE4022F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "557A23A1-4762-4D29-A478-D1670C1847D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FF46C9A-7768-4E52-A676-BEA6AE766AD4",
              "versionEndIncluding": "14.4.0",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE48E0FE-5931-441C-B4FF-253BD9C48186",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "727DF4F5-3D21-491E-96B9-EC973A6C9C18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "135D531C-A692-4BE3-AB8C-37BB0D35559A",
              "versionEndIncluding": "12.6.4",
              "versionStartIncluding": "12.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66916DEB-ACE1-44E0-9535-10B3E03347AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21BE77B2-6368-470E-B9E6-21664D9A818A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3250073F-325A-4AFC-892F-F2005E3854A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69266D2-72D0-4A6C-883D-2597FE30931B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "524429D6-8AF1-4713-A9B8-678B50A3762F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06E586B3-3434-4B08-8BE3-16C528642CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:google_guava_mapviewer:12.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CCA59D2-2853-44F3-9C5C-CC59B49A6B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:google_guava_mapviewer:18c:*:*:*:*:*:*:*",
              "matchCriteriaId": "779EB0EC-2905-48BC-B375-E6E78B26A169",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:google_guava_mapviewer:19c:*:*:*:*:*:*:*",
              "matchCriteriaId": "E19C4DBE-2889-4C13-A0E9-30D0CD1BF714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DED59B62-C9BF-4C0E-B351-3884E8441655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A0A4A6-70D3-418B-80EA-04718C50C500",
              "versionEndIncluding": "9.2.5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFB0BB58-04D3-409D-AECC-9633782F0E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C26705-6D1F-4D5E-B64D-B479108154FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:terracotta_quartz_scheduler_mapviewer:12.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E75624C-68FA-465C-86B3-BCFB649C4782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:terracotta_quartz_scheduler_mapviewer:18c:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B7DF2FA-F290-40F7-ABD1-AB50EEBC83B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:terracotta_quartz_scheduler_mapviewer:19c:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4D4E5C1-D4A6-464D-9DF3-A9DDD1912FBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "174A6D2E-E42E-4C92-A194-C6A820CD7EF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomee:7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E74771B8-99DA-434F-ADCF-258838674E18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
              "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_secure_agent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0F202E8-97E6-4BBB-A0B6-4CA3F5803C08",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.0:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "E70C8416-E4F6-44BC-BDF9-BB1BAE7E185F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.0:*:*:*:server:*:*:*",
              "matchCriteriaId": "1363F683-E350-4639-A973-A82BDD83A3A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.1:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "7BAB5016-8439-4E01-8911-8B472EF38E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.1:*:*:*:server:*:*:*",
              "matchCriteriaId": "F8EF8DCE-7266-49B1-AE2E-96079A2AD6E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.2:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "029B8E7F-65EF-4984-A27B-8198D8EB18DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.2:*:*:*:server:*:*:*",
              "matchCriteriaId": "55C7B96B-2A2F-47F9-BBBD-0E25F8AF8F02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.3:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "160B6A9E-41DC-4999-B3CC-A16B3A16D2A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.3:*:*:*:server:*:*:*",
              "matchCriteriaId": "FC59154D-036C-4F22-B5F1-891527A3EC6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.4:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "6AD2CA00-9D6C-4DAC-90E6-BE1D93555C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.4:*:*:*:server:*:*:*",
              "matchCriteriaId": "2FDF2DF4-B0EE-4179-AF98-B21EBB2E1D6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.5:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "AF85E227-F167-4CCB-A039-D96CC080B032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.5:*:*:*:server:*:*:*",
              "matchCriteriaId": "EDA3B2B5-C9EA-4D26-AEF4-F86792FB9ADC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.6:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "93DDAE6E-DB31-429A-B4EB-955E080A4545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.6:*:*:*:server:*:*:*",
              "matchCriteriaId": "DF994E6C-6262-4230-BBC6-E464EBC1B0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.7:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "25DA87CA-362C-4558-AA42-265DA1F8C26D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.7:*:*:*:server:*:*:*",
              "matchCriteriaId": "EF410408-CD38-408A-97C4-1103EF8AF68D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.8:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "037D6CB0-959B-468E-87DD-8B1110A14ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.8:*:*:*:server:*:*:*",
              "matchCriteriaId": "1B885DB6-2DEA-4EB4-97BC-2BF30BC45544",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.9:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "C83E3571-CD54-40A2-AAC0-20F67954642B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.9:*:*:*:server:*:*:*",
              "matchCriteriaId": "B69320FF-4E93-475C-B995-85CF1A03DBDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.10:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "FD430022-C74D-4340-88F9-21AB69485966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.10:*:*:*:server:*:*:*",
              "matchCriteriaId": "549E2860-25D9-468C-891D-AD9BEADA08B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.11:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "5C03D422-521C-48B2-B293-247232D1ED3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.11:*:*:*:server:*:*:*",
              "matchCriteriaId": "2B0DBCC1-2D1F-4DB3-A693-DA0FA18B9A5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.12:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "34515441-AE13-4492-A08E-6521D840F689",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.12:*:*:*:server:*:*:*",
              "matchCriteriaId": "6FABE527-FED5-4BA3-ABF0-C89AD1228ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.13:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "6BE5E85B-7725-4DB9-8357-9097F777705D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.13:*:*:*:server:*:*:*",
              "matchCriteriaId": "910A2B29-3502-499B-892F-F6AD473CA6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.14:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "2BAB1FDD-C213-48CB-B28B-802F0D1278A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.14:*:*:*:server:*:*:*",
              "matchCriteriaId": "59D09ED0-E31D-4C6B-A217-A3C58C209782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.15:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "746CCD4F-5411-4249-8A71-A47AD598498A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.15:*:*:*:server:*:*:*",
              "matchCriteriaId": "A055705E-4F63-4EB9-BABC-8888041D1E1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.16:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "AFA32156-893E-44A7-9F18-73586F2E21AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.16:*:*:*:server:*:*:*",
              "matchCriteriaId": "631D10DC-9F03-4BEE-98DD-0759746825A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.17:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "AFAC053F-3A53-4AD8-9393-49A837A38A8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.17:*:*:*:server:*:*:*",
              "matchCriteriaId": "FE355EB5-A0C4-471C-8E47-1898746D89C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.18:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "CC230B1E-AA5E-4E76-92E5-41130C56DD34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.18:*:*:*:server:*:*:*",
              "matchCriteriaId": "B764FD56-DBFF-46EE-9108-CF88591DC7A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.19:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "3F369AD5-25DB-43E4-ADB5-22A774FC6F91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.19:*:*:*:server:*:*:*",
              "matchCriteriaId": "454804E1-9C4C-41AA-ACB4-0150BB39669C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.20:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "79A73328-B3BF-4682-9B60-12A4039F9D1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.20:*:*:*:server:*:*:*",
              "matchCriteriaId": "2A75238E-A82C-4BE9-8300-2BE8B40C31CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.21:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "1E7B8908-7F72-495B-B562-81E789643A60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.21:*:*:*:server:*:*:*",
              "matchCriteriaId": "55A04426-7D52-4F90-9623-109F201223AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.22:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "2CC10DC7-1B0B-41E6-B903-DC7E59F68517",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.22:*:*:*:server:*:*:*",
              "matchCriteriaId": "E7A19BC6-3F2B-4248-8255-BBA729F941C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.23:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "DC4936AD-0B95-4687-B0A8-290E76D3ED7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.23:*:*:*:server:*:*:*",
              "matchCriteriaId": "33A3BC88-F6CC-4CDD-8842-2DC5C4706AC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.24:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "AE05DF9B-2F49-45E9-AB47-A5FA18B6847E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.24:*:*:*:server:*:*:*",
              "matchCriteriaId": "29F7D306-FC7F-4748-BC1D-6280654B8409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.25:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "C82EA42D-1583-4B6D-840E-69B804BD2902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.20.25:*:*:*:server:*:*:*",
              "matchCriteriaId": "22D1EEB6-D4D1-46FC-BB60-CF33EE970E43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.21.0:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "F1992CBB-135C-4CD7-8D9B-037EEE0530BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.21.0:*:*:*:server:*:*:*",
              "matchCriteriaId": "D8232A74-B1DA-48DD-9DF1-4D04F6091BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.21.1:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "F81B63AA-1086-448A-8D60-F5CF41BB1226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.21.1:*:*:*:server:*:*:*",
              "matchCriteriaId": "2B8BBC24-532A-46AB-9D7D-241C43082E95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.0:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "F629DC1E-E044-4D84-8D60-B4E6C139EE98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.0:*:*:*:server:*:*:*",
              "matchCriteriaId": "4BDBC59C-C5C7-4848-8CCA-D4DF0354BFCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.1:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "D2E75D91-EC8E-4BAC-B989-403120F84BAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.1:*:*:*:server:*:*:*",
              "matchCriteriaId": "FEA2A29A-D2AA-4688-888D-02923EEBFF4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.2:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "93EEA37B-7E96-455D-9131-2CDB77889080",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.2:*:*:*:server:*:*:*",
              "matchCriteriaId": "71D2DC08-B93D-474B-9332-793A47E0A792",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.3:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "9263586C-D6A5-48F4-8F36-F672377AAFAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.3:*:*:*:server:*:*:*",
              "matchCriteriaId": "01F142BF-C557-4D27-A263-0A77D3FBAA27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.4:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "BC250698-AA6D-46FC-923D-9A3EB0742697",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.4:*:*:*:server:*:*:*",
              "matchCriteriaId": "755B605C-E032-435B-90C3-FEB1EEBD43E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.6:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "728DE946-60C8-433A-807B-45720C668B37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:4.22.6:*:*:*:server:*:*:*",
              "matchCriteriaId": "F24C4029-A2D5-4B95-AE2B-10B035B28420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.0.0:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "52672DE1-9B0D-4689-93AD-FF4B8A59E5EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.0.0:*:*:*:server:*:*:*",
              "matchCriteriaId": "D802B4FE-F56F-46C4-A84B-EB89931EC16E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.1.0:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "17E30F04-14EF-4F4D-8124-D0DD04E9EDF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.1.0:*:*:*:server:*:*:*",
              "matchCriteriaId": "538503C1-F947-4BCF-836F-A609A601E064",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.1.1:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "07105957-FEBE-4E02-88FB-A8DDAE67E8A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.1.1:*:*:*:server:*:*:*",
              "matchCriteriaId": "E40B10B9-F8C3-4279-A9AC-2E25AEF46D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.2.0:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "C7D685CD-9CAD-42B5-B721-26203854F396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.2.0:*:*:*:server:*:*:*",
              "matchCriteriaId": "269B2F72-56A3-4750-8665-7DE03DAE3DAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.2.1:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "C600291E-2EDC-4F61-9FC1-C2C34C20EA4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.2.1:*:*:*:server:*:*:*",
              "matchCriteriaId": "C8D33E70-8A27-46A2-BB14-87181F8DA0F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.0:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "F09CAEB7-4C1F-4B5B-9921-6DD06FF9EB9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.0:*:*:*:server:*:*:*",
              "matchCriteriaId": "7E9F4E2A-E450-496C-B3E8-B0817BAD8817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.1:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "964CB4B7-1502-4E92-B7D2-D864C13E338B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.1:*:*:*:server:*:*:*",
              "matchCriteriaId": "A9EFBC53-7C0B-408E-A745-0C83E9E38DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.2:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "18A70517-84A8-4866-9FE8-06D0608391E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.2:*:*:*:server:*:*:*",
              "matchCriteriaId": "E504A879-B312-4E8F-ADF9-8C1623B023AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.3:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "9EE1449F-6F38-4677-9DB9-AF2D9A7C2AE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.3.3:*:*:*:server:*:*:*",
              "matchCriteriaId": "2BC5B994-25C4-4C00-8871-F3664878C83B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.0:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "4484C6ED-659F-47F5-BFE2-7E9794FA51C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.0:*:*:*:server:*:*:*",
              "matchCriteriaId": "F4449121-125E-49D9-BF3E-2A6EA169B796",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.1:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "C940817F-B265-4F42-AE19-DA2B49AC1D53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.1:*:*:*:server:*:*:*",
              "matchCriteriaId": "099869F1-BC95-4828-A0F5-9BBADDC3F6F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.2:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "601B5811-B1B8-4FF0-984B-62F07366615A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.2:*:*:*:server:*:*:*",
              "matchCriteriaId": "0D82DFCD-964E-406E-8329-E31A76FCFC64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.3:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "ED8B7E12-9139-4BCB-9A5A-C8B23A6F8628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.3:*:*:*:server:*:*:*",
              "matchCriteriaId": "08F237B7-4C22-4A35-BC82-6B6E892B7EB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.4:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "0EC83F47-180C-481B-88A8-0E3C6654774C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.4:*:*:*:server:*:*:*",
              "matchCriteriaId": "2A3EA15F-DEBB-44A2-8CEA-B137AE8089CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.5:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "428B70AC-35A2-4D4F-9670-43B601426DD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.5:*:*:*:server:*:*:*",
              "matchCriteriaId": "6314E670-88E8-4B09-9AF4-95E669A68A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.6:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "4486E929-E1A8-4731-BE7E-A8BCCE594ADA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.6:*:*:*:server:*:*:*",
              "matchCriteriaId": "D24437F8-2B3A-4A0D-8C6C-A8B9E90457DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.7:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "06843035-CE98-48C8-BCB1-02976D233077",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.7:*:*:*:server:*:*:*",
              "matchCriteriaId": "B98060AC-32A2-4F5A-A490-3E23F883D5A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.8:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "9681965F-AD13-420C-8845-A544520042DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.8:*:*:*:server:*:*:*",
              "matchCriteriaId": "C9D2A5F2-F91C-4DA3-9EB6-441D17A6AB9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.9:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "6F3F93E1-8BB2-40BD-B4A9-D4136B742F82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.4.9:*:*:*:server:*:*:*",
              "matchCriteriaId": "549B3ADB-BAEF-4E45-856C-4B07F9FBB12A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.5.1:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "941AD6CA-3F4E-43E5-AA68-95AB7C84F297",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.5.1:*:*:*:server:*:*:*",
              "matchCriteriaId": "4630E46A-817F-4238-989F-93C633A10058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.6.0:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "25D8E4A5-2AB6-42D4-B6D4-54484149BE75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.6.0:*:*:*:server:*:*:*",
              "matchCriteriaId": "9BA9FF1F-8F8C-47DD-9E7B-8B48FB453A83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.7.0:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "D28343BD-5440-425E-AFEB-FC79EFB3C531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.7.0:*:*:*:server:*:*:*",
              "matchCriteriaId": "F29E98F7-4768-48C8-9D1C-448006DF0FFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.7.1:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "E8B3B4C6-4E76-4184-BE92-A6EF2B4CB8D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.7.1:*:*:*:server:*:*:*",
              "matchCriteriaId": "1320F61E-A562-438E-A19D-90C816920B63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.8.0:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "35D28C45-8C74-4131-A2C5-1F1CE009BDED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.8.0:*:*:*:server:*:*:*",
              "matchCriteriaId": "64D7B52D-46CA-4769-9631-9E3E45927003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.8.1:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "027F98AD-B508-4079-A1BD-EFDBDBA78331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.8.1:*:*:*:server:*:*:*",
              "matchCriteriaId": "D80A8C83-C8B1-4ADF-B45B-550E6BA45AEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.9.0:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "54EB831D-3D4C-4807-AF42-DFF7D9176773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.9.0:*:*:*:server:*:*:*",
              "matchCriteriaId": "031A34D6-C522-4301-BE02-83D3BADC8C7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.10.0:*:*:*:data_center:*:*:*",
              "matchCriteriaId": "109D37D3-3FC7-4443-974A-7D668ABE97D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:atlassian:jira_service_management:5.10.0:*:*:*:server:*:*:*",
              "matchCriteriaId": "30D20E35-0BAC-4D43-A619-10B6A4572CBB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n initDocumentParser en el archivo xml/XMLSchedulingDataProcessor.java en Quartz Scheduler de Terracotta hasta la versi\u00f3n 2.3.0, permite ataques de tipo XXE por medio de una descripci\u00f3n del trabajo."
    }
  ],
  "id": "CVE-2019-13990",
  "lastModified": "2024-11-21T04:25:50.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2019-07-26T19:15:11.730",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/quartz-scheduler/quartz/issues/467"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221028-0002/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/quartz-scheduler/quartz/issues/467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221028-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

cve-2023-39017
Vulnerability from cvelistv5
Published
2023-07-28 00:00
Modified
2024-08-02 17:54
Severity ?
Summary
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.
References
https://github.com/quartz-scheduler/quartz/issues/943
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-39017",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-08T17:03:11.334851Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-08T17:03:26.790Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:54:39.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/quartz-scheduler/quartz/issues/943"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-28T21:17:24.918488",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/quartz-scheduler/quartz/issues/943"
        }
      ],
      "tags": [
        "disputed"
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-39017",
    "datePublished": "2023-07-28T00:00:00",
    "dateReserved": "2023-07-25T00:00:00",
    "dateUpdated": "2024-08-02T17:54:39.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-13990
Vulnerability from cvelistv5
Published
2019-07-26 00:00
Modified
2024-10-15 18:22
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.
References
https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3Emailing-list
https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3Emailing-list
https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3Emailing-list
https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3Emailing-list
https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3Emailing-list
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://github.com/quartz-scheduler/quartz/issues/467
https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3Emailing-list
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://security.netapp.com/advisory/ntap-20221028-0002/
https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:05:44.151Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[tomee-dev] 20190830 Re: Quartz CVE-2019-13990",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190830 Quartz CVE-2019-13990",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190908 Re: Quartz CVE-2019-13990",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20190908 svn commit: r1866633 - /tomee/deps/trunk/quartz-openejb-shade/pom.xml",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190923 Re: [VOTE] Release quartz-openejb-shade 2.2.4",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/quartz-scheduler/quartz/issues/467"
          },
          {
            "name": "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221028-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-13990",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:36:32.053865Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-611",
                "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T18:22:20.316Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-28T05:44:55.522130",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[tomee-dev] 20190830 Re: Quartz CVE-2019-13990",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/e493e718a50f21201e05e82d42a8796b4046e83f0d286b90e58e0629%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190830 Quartz CVE-2019-13990",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/1870324fea41ea68cff2fd1bf6ee2747432dc1d9d22a22cc681e0ec3%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190908 Re: Quartz CVE-2019-13990",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/6b6e3480b19856365fb5eef03aa0915a4679de4b019a1e975502d949%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20190908 svn commit: r1866633 - /tomee/deps/trunk/quartz-openejb-shade/pom.xml",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/f74b170d3d58d7a24db1afd3908bb0ab58a3900e16e73275674cdfaf%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190923 Re: [VOTE] Release quartz-openejb-shade 2.2.4",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/172d405e556e2f1204be126bb3eb28c5115af91bcc1651b4e870bb82%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "https://github.com/quartz-scheduler/quartz/issues/467"
        },
        {
          "name": "[tomee-commits] 20200720 [jira] [Created] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/re9b56ac1934d7bf16afc83eac1c39c98c1b20b4b15891dce923bf8aa%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200720 [jira] [Commented] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r3a6884e8d819f32cde8c07b98934de3e80467859880f784950bf44cf%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200720 [jira] [Assigned] (TOMEE-2886) Update quartz-scheduler to mitigate CVE-2019-13990",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r21df13c8bd2c2eae4b9661aae814c4a2a814d1f7875c765b8b115c9a%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221028-0002/"
        },
        {
          "url": "https://confluence.atlassian.com/security/ssot-117-cve-2019-13990-xxe-xml-external-entity-injection-vulnerability-in-jira-service-management-data-center-and-jira-service-management-server-1295385959.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-13990",
    "datePublished": "2019-07-26T00:00:00",
    "dateReserved": "2019-07-19T00:00:00",
    "dateUpdated": "2024-10-15T18:22:20.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}