Vulnerability Details CVE-2020-12712
A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.056
EPSS Ranking 89.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://packetstormsecurity.com/files/158112/SOS-JobScheduler-1.13.3-Stored-Password-Decryption.html
- https://change.sos-berlin.com/browse/JOE-290
- https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+1.13.4
- https://www.sos-berlin.com/en/news
- http://packetstormsecurity.com/files/158112/SOS-JobScheduler-1.13.3-Stored-Password-Decryption.html
- https://change.sos-berlin.com/browse/JOE-290
- https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+1.13.4
- https://www.sos-berlin.com/en/news
Products affected by CVE-2020-12712
-
cpe:2.3:a:sos-berlin:jobscheduler:1.12.0
-
cpe:2.3:a:sos-berlin:jobscheduler:1.12.1
-
cpe:2.3:a:sos-berlin:jobscheduler:1.12.10
-
cpe:2.3:a:sos-berlin:jobscheduler:1.12.11
-
cpe:2.3:a:sos-berlin:jobscheduler:1.12.12
-
cpe:2.3:a:sos-berlin:jobscheduler:1.12.2
-
cpe:2.3:a:sos-berlin:jobscheduler:1.12.3
-
cpe:2.3:a:sos-berlin:jobscheduler:1.12.4
-
cpe:2.3:a:sos-berlin:jobscheduler:1.12.5
-
cpe:2.3:a:sos-berlin:jobscheduler:1.12.6
-
cpe:2.3:a:sos-berlin:jobscheduler:1.12.7
-
cpe:2.3:a:sos-berlin:jobscheduler:1.12.8
-
cpe:2.3:a:sos-berlin:jobscheduler:1.12.9
-
cpe:2.3:a:sos-berlin:jobscheduler:1.13.0
-
cpe:2.3:a:sos-berlin:jobscheduler:1.13.1
-
cpe:2.3:a:sos-berlin:jobscheduler:1.13.2
-
cpe:2.3:a:sos-berlin:jobscheduler:1.13.3