Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2023-2272
HistoryOct 22, 2023 - 6:16 a.m.

Advisory ROSA-SA-2023-2272

2023-10-2206:16:50
ROSA LAB
abf.rosalinux.ru
18
rosa-chrome
quartz 2.2.1
xxe attacks
job description
cve-2019-13990
fixed
terracotta quartz scheduler
dnf update

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.1%

JSON

software: quartz 2.2.1
OS: ROSA-CHROME

package_evr_string: quartz-2.2.1-11.src.rpm

CVE-ID: CVE-2019-13990
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC.: initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler before version 2.3.0 allows XXE attacks via job description.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update quartz

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchquartz< 2.2.1UNKNOWN

Related

ubuntucve 1
ibm 6
redhatcve 1
osv 2
cve 1
github 1
prion 1
openvas 1
nessus 7
cvelist 1
mageia 1
veracode 1
nvd 1
atlassian 1
debiancve 1
redhat 4
qualysblog 2
oracle 8
ubuntucve
ubuntucve
CVE-2019-13990
2019-07-26 00:00:00
ibm
ibm
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - Terracotta Quartz ( CVE-2019-13990)
2020-10-27 23:52:58
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Terracotta Quartz Scheduler
2020-08-29 08:57:53
Security Bulletin: Quartz vulnerability affects IBM Spectrum Protect Plus (CVE-2019-13990)
2020-06-12 20:12:45
redhatcve
redhatcve
CVE-2019-13990
2020-02-10 11:44:18
osv
osv
CVE-2019-13990
2019-07-26 19:15:11
XML external entity injection in Terracotta Quartz Scheduler
2020-07-01 17:55:03
cve
cve
CVE-2019-13990
2019-07-26 19:15:11
github
github
XML external entity injection in Terracotta Quartz Scheduler
2020-07-01 17:55:03
prion
prion
Design/Logic Flaw
2019-07-26 19:15:00
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0133)
2022-01-28 00:00:00
nessus
nessus
Atlassian JIRA Service Desk < 4.20.26 / 5.4.x < 5.4.10 / 5.5.x < 5.7.2 / 5.8.x < 5.8.2 / 5.9.x < 5.9.2 / 5.10.x < 5.10.1 (JSDSERVER-14401)
2023-10-20 00:00:00
Oracle Identity Manager (Apr 2024 CPU)
2024-04-23 00:00:00
Oracle Enterprise Manager Ops Center (Oct 2020 CPU)
2021-08-24 00:00:00
cvelist
cvelist
CVE-2019-13990
2019-07-26 00:00:00
mageia
mageia
Updated quartz packages fix a security vulnerability
2021-03-15 00:20:42
veracode
veracode
XML External Entity (XXE)
2020-02-19 04:27:53
nvd
nvd
CVE-2019-13990
2019-07-26 19:15:11
atlassian
atlassian
XXE (XML External Entity Injection) in Jira Service Management Data Center and Server - CVE-2019-13990
2023-09-20 15:53:19
debiancve
debiancve
CVE-2019-13990
2019-07-26 19:15:11
redhat
redhat
(RHSA-2020:3247) Important: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update
2020-08-04 12:44:40
(RHSA-2020:3196) Important: Red Hat Decision Manager 7.8.0 Security Update
2020-07-29 06:02:59
(RHSA-2020:3197) Important: Red Hat Process Automation Manager 7.8.0 Security Update
2020-07-29 06:17:46
qualysblog
qualysblog
Oracle Patch Update, April 2024 Security Update Review
2024-04-17 14:39:59
Oracle Patch Tuesday, July 2023 Security Update Review
2023-07-19 15:56:06
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.1%

JSON
Related for ROSA-SA-2023-2272
ubuntucve1ibm6redhatcve1osv2cve1github1prion1openvas1nessus7cvelist1mageia1veracode1nvd1atlassian1debiancve1redhat4qualysblog2oracle8