CVE-2020-6856
MEDIUMSOS JobScheduler 1.12 and 1.13.2 - XML External Entity Injection in JOC Cockpit
Title source: llmDescription
An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://change.sos-berlin.com/browse/JOC-853
Scores
CVSS v3
6.5
EPSS
0.0093
EPSS Percentile
55.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-776
Status
published
Products (2)
sos-berlin/jobscheduler
1.11
sos-berlin/jobscheduler
1.13.2
Published
Feb 06, 2020
Tracked Since
Feb 18, 2026