← Back

Quartz

quartz

Vendor: Softwareag • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-39017
1Softwareag
1Quartz
Nov 21, 2024
Jul 28, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument....Show more
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.Show less
CVE-2019-13990
5Apache
AtlassianNetapp+2 more
31Active Iq Unified Manager
Apache Batik MapviewerBanking Enterprise Originations+28 more
Nov 21, 2024
Jul 26, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.