Security Advisory

CVE-2020-6856

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-02-06 16:22:47

Last updated 2024-08-04 09:11:05

Assigner mitre

State PUBLISHED

Description

An XML External Entity (XEE) vulnerability exists in the JOC Cockpit component of SOS JobScheduler 1.12 and 1.13.2 allows attackers to read files from the server via an entity declaration in any of the XML documents that are used to specify the run-time settings of jobs and orders.

← Browse all CVEs View on cve.org ↗