PT-2020-19267 · Sos · Sos Jobscheduler
Oliver Haufe
·
Published
2020-02-06
·
Updated
2020-02-07
·
CVE-2020-6855
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
SOS JobScheduler versions 1.11 through 1.13.2
Description
A large or infinite loop issue in the JOC Cockpit component allows attackers to parameterize housekeeping jobs, potentially exhausting system resources and resulting in a denial of service.
Recommendations
For SOS JobScheduler versions 1.11 through 1.13.2, consider restricting access to the JOC Cockpit component to minimize the risk of exploitation until a patch is available.
Fix
Infinite Loop
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sos Jobscheduler