CVE-2020-6856

MEDIUM

Sos-berlin Jobscheduler - XML Entity Expansion

Title source: rule

Description

An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders.

References (1)

[Issue Tracking, Vendor Advisory] https://change.sos-berlin.com/browse/JOC-853

Scores

CVSS v3 6.5

EPSS 0.0045

EPSS Percentile 63.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-776

Status published

Products (2)

sos-berlin/jobscheduler 1.11

sos-berlin/jobscheduler 1.13.2

Published Feb 06, 2020

Tracked Since Feb 18, 2026