CVE-2020-12712

Опубликовано: 11 июн. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile.

Ссылки

http://packetstormsecurity.com/files/158112/SOS-JobScheduler-1.13.3-Stored-Password-Decryption.html
Third Party Advisory
https://change.sos-berlin.com/browse/JOE-290
Vendor Advisory
https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+1.13.4
Release Notes
Vendor Advisory
https://www.sos-berlin.com/en/news
Vendor Advisory
http://packetstormsecurity.com/files/158112/SOS-JobScheduler-1.13.3-Stored-Password-Decryption.html
Third Party Advisory
https://change.sos-berlin.com/browse/JOE-290
Vendor Advisory
https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+1.13.4
Release Notes
Vendor Advisory
https://www.sos-berlin.com/en/news
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sos-berlin:jobscheduler:*:*:*:*:*:*:*:*

Версия от 1.12.0 (включая) до 1.12.12 (включая)

cpe:2.3:a:sos-berlin:jobscheduler:*:*:*:*:*:*:*:*

Версия от 1.13.0 (включая) до 1.13.3 (включая)

EPSS

Процентиль: 89%

0.04538

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-330

Связанные уязвимости

GHSA-w8q7-623v-pvjv

github

больше 3 лет назад