Vulnerability Description
A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sos-Berlin | Jobscheduler | >= 1.12.0, <= 1.12.12 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/158112/SOS-JobScheduler-1.13.3-Stored-Passw (Third Party Advisory)
- https://change.sos-berlin.com/browse/JOE-290 (Vendor Advisory)
- https://kb.sos-berlin.com/display/PKB/Vulnerability+Release+1.13.4 (Release Notes, Vendor Advisory)
- https://www.sos-berlin.com/en/news (Vendor Advisory)
FAQ
What is CVE-2020-12712?
CVE-2020-12712 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored w...
How severe is CVE-2020-12712?
CVE-2020-12712 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-12712?
Check the references section above for vendor advisories and patch information. Affected products include: Sos-Berlin Jobscheduler.