Vulnerability Details CVE-2023-39017
quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.1%
CVSS Severity
CVSS v3 Score 9.8
References
Products affected by CVE-2023-39017
-
cpe:2.3:a:softwareag:quartz:-
-
cpe:2.3:a:softwareag:quartz:1.8.0
-
cpe:2.3:a:softwareag:quartz:1.8.1
-
cpe:2.3:a:softwareag:quartz:1.8.2
-
cpe:2.3:a:softwareag:quartz:1.8.3
-
cpe:2.3:a:softwareag:quartz:1.8.4
-
cpe:2.3:a:softwareag:quartz:1.8.5
-
cpe:2.3:a:softwareag:quartz:1.8.6
-
cpe:2.3:a:softwareag:quartz:2.0.0
-
cpe:2.3:a:softwareag:quartz:2.0.1
-
cpe:2.3:a:softwareag:quartz:2.0.2
-
cpe:2.3:a:softwareag:quartz:2.1.0
-
cpe:2.3:a:softwareag:quartz:2.1.1
-
cpe:2.3:a:softwareag:quartz:2.1.2
-
cpe:2.3:a:softwareag:quartz:2.1.3
-
cpe:2.3:a:softwareag:quartz:2.1.4
-
cpe:2.3:a:softwareag:quartz:2.1.5
-
cpe:2.3:a:softwareag:quartz:2.1.6
-
cpe:2.3:a:softwareag:quartz:2.1.7
-
cpe:2.3:a:softwareag:quartz:2.2.0
-
cpe:2.3:a:softwareag:quartz:2.2.1
-
cpe:2.3:a:softwareag:quartz:2.2.2
-
cpe:2.3:a:softwareag:quartz:2.2.3
-
cpe:2.3:a:softwareag:quartz:2.3.0
-
cpe:2.3:a:softwareag:quartz:2.3.1