MidnightBSD

Advisories for softwareag

CVE-2019-13990 HIGH

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-611,CWE-611,

Products Affected

Vendor Product Version
atlassian jira_service_management 5.4.2
atlassian jira_service_management 5.4.4
oracle apache_batik_mapviewer 12.2.0.1
atlassian jira_service_management 5.4.3
atlassian jira_service_management 4.20.1
oracle flexcube_private_banking 12.0.0
atlassian jira_service_management 4.22.3
oracle communications_session_route_manager *
atlassian jira_service_management 4.20.24
oracle banking_payments *
oracle flexcube_private_banking 12.1.0
atlassian jira_service_management 4.22.6
atlassian jira_service_management 5.8.1
oracle google_guava_mapviewer 12.2.0.1
atlassian jira_service_management 4.20.10
oracle apache_batik_mapviewer 19c
atlassian jira_service_management 5.3.2
oracle communications_ip_service_activator 7.3.0
atlassian jira_service_management 4.20.9
oracle documaker *
oracle flexcube_investor_servicing 12.4.0
atlassian jira_service_management 5.5.1
oracle retail_point-of-service 14.1
oracle retail_xstore_point_of_service 15.0
oracle hyperion_infrastructure_technology 11.1.2.4
oracle retail_order_broker 19.0
oracle banking_enterprise_product_manufacturing 2.7.0
atlassian jira_service_management 5.7.0
oracle webcenter_sites 12.2.1.4.0
atlassian jira_service_management 4.20.13
atlassian jira_service_management 5.6.0
oracle flexcube_investor_servicing 12.1.0
atlassian jira_service_management 5.1.0
oracle retail_order_broker 16.0
oracle retail_returns_management 14.1
atlassian jira_service_management 5.4.9
oracle retail_xstore_point_of_service 16.0
atlassian jira_service_management 5.4.1
oracle enterprise_manager_ops_center 12.4.0.0
oracle retail_integration_bus 15.0
atlassian jira_service_management 4.20.4
atlassian jira_service_management 5.4.6
atlassian jira_service_management 5.1.1
netapp cloud_secure_agent -
oracle retail_order_broker 15.0
oracle primavera_unifier 18.8
atlassian jira_service_management 5.4.5
atlassian jira_service_management 4.20.7
oracle primavera_unifier *
atlassian jira_service_management 4.20.6
atlassian jira_service_management 4.20.12
oracle flexcube_investor_servicing 14.1.0
apache tomee 7.1.3
atlassian jira_service_management 4.20.11
oracle apache_batik_mapviewer 18c
atlassian jira_service_management 4.20.14
atlassian jira_service_management 5.4.8
atlassian jira_service_management 4.20.22
oracle flexcube_investor_servicing 14.4.0
oracle retail_integration_bus 16.0
oracle terracotta_quartz_scheduler_mapviewer 12.2.0.1
atlassian jira_service_management 5.8.0
oracle flexcube_investor_servicing 12.3.0
atlassian jira_service_management 4.20.19
oracle primavera_unifier 16.1
atlassian jira_service_management 4.22.0
atlassian jira_service_management 4.21.0
oracle webcenter_sites 12.2.1.3.0
atlassian jira_service_management 4.20.16
atlassian jira_service_management 5.7.1
oracle banking_enterprise_originations 2.7.0
atlassian jira_service_management 4.20.15
atlassian jira_service_management 4.20.17
oracle retail_xstore_point_of_service 17.0
oracle google_guava_mapviewer 19c
atlassian jira_service_management 4.20.5
softwareag quartz *
atlassian jira_service_management 5.3.1
oracle retail_back_office 14.1
atlassian jira_service_management 4.20.8
oracle banking_enterprise_originations 2.8.0
atlassian jira_service_management 4.20.23
atlassian jira_service_management 4.22.4
atlassian jira_service_management 5.9.0
atlassian jira_service_management 5.0.0
netapp active_iq_unified_manager -
atlassian jira_service_management 5.4.0
oracle terracotta_quartz_scheduler_mapviewer 19c
atlassian jira_service_management 4.20.18
atlassian jira_service_management 4.20.2
atlassian jira_service_management 5.2.0
oracle jd_edwards_enterpriseone_orchestrator *
oracle communications_ip_service_activator 7.4.0
oracle enterprise_manager_base_platform 13.2.1.0
oracle retail_xstore_point_of_service 19.0
oracle terracotta_quartz_scheduler_mapviewer 18c
atlassian jira_service_management 4.20.3
atlassian jira_service_management 5.4.7
oracle google_guava_mapviewer 18c
atlassian jira_service_management 4.20.25
atlassian jira_service_management 5.10.0
atlassian jira_service_management 4.20.20
atlassian jira_service_management 4.20.0
atlassian jira_service_management 4.20.21
atlassian jira_service_management 5.3.0
oracle primavera_unifier 16.2
atlassian jira_service_management 5.3.3
oracle retail_xstore_point_of_service 18.0
oracle customer_management_and_segmentation_foundation 18.0
oracle banking_enterprise_product_manufacturing 2.8.0
oracle retail_central_office 14.1
atlassian jira_service_management 4.22.2
oracle retail_order_broker 18.0
atlassian jira_service_management 4.22.1
oracle fusion_middleware_mapviewer 12.2.1.3.0
atlassian jira_service_management 5.2.1
atlassian jira_service_management 4.21.1
CVE-2020-35469 HIGH

The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remote attacker to achieve root access with a blank password.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-306,

Products Affected

Vendor Product Version
softwareag terracotta_server_oss 5.4.1
CVE-2021-33207 HIGH

The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-502,

Products Affected

Vendor Product Version
softwareag mashzone_nextgen *
CVE-2021-33208 MEDIUM

The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
softwareag mashzone_nextgen *
CVE-2021-33523 MEDIUM

MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
softwareag mashzone_nextgen *
CVE-2021-33581 MEDIUM

MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-918,

Products Affected

Vendor Product Version
softwareag mashzone_nextgen *
CVE-2021-40649 MEDIUM

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-732,

Products Affected

Vendor Product Version
softwareag connx 6.2.0.1269
CVE-2021-40650 MEDIUM

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N 2.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-311,

Products Affected

Vendor Product Version
softwareag connx 6.2.0.1269
CVE-2023-0925

Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port). Port 2099 serves as a Java Remote Method Invocation (RMI) registry which allows for remotely loading and processing data via RMI interfaces. An unauthenticated attacker with network connectivity to the RMI registry and RMI interface ports can abuse this functionality to instruct the webMethods OneData application to load a malicious serialized Java object as a parameter to one of the available Java methods presented by the RMI interface. Once deserialized on the vulnerable server, the malicious code runs as whichever operating system account is used to run the software, which in most cases is the local System account on Windows.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
softwareag webmethods 10.11
CVE-2023-39017

quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.

Products Affected

Vendor Product Version
softwareag quartz *
CVE-2023-6578 HIGH

A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup may request username and password. By just clicking CANCEL you will be redirected to the directory. If you visited /invoke/wm.server/connect, you'll be able to see details like internal IPs, ports, and versions. In some cases if access to /assets/ is refused, you may enter /assets/x as a wrong value, then come back to /assets/ which we will show the requested data. It appears that insufficient access control is depending on referrer header data. VDB-247158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 7.3 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 3.9 3.4
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 3.9 2.5

CVSS 2.0

Severity: HIGH

Problem Type: CWE-284,NVD-CWE-Other,

Products Affected

Vendor Product Version
softwareag webmethods *
CVE-2025-66837

A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N 1.6 5.2

Products Affected

Vendor Product Version
softwareag aris *
CVE-2025-66838

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustion such as disk space depletion, increased server load, or degraded performance

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 2.8 3.6

Products Affected

Vendor Product Version
softwareag aris *