CVE-2020-6856

Published: Feb 6, 2020Modified: Jun 17, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders.

Affected (2)

Products: Sos Berlin: Jobscheduler

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sos Berlin Jobscheduler	Version 1.11
Sos Berlin Jobscheduler	Version 1.13.2

Related CWEs

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.

References (2)

https://change.sos-berlin.com/browse/JOC-853

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://change.sos-berlin.com/browse/JOC-853

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.