CVE-2019-13990

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2019-13990
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2019-07-26 19:15:00 UTC
Updated2023-12-22 16:35:00 UTC
DescriptioninitDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.

Risk And Classification

Problem Types: CWE-611

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Apache Tomee 7.1.3 All All All
Application Atlassian Jira Service Management 4.20.0 All All All
Application Atlassian Jira Service Management 4.20.0 All All All
Application Atlassian Jira Service Management 4.20.1 All All All
Application Atlassian Jira Service Management 4.20.1 All All All
Application Atlassian Jira Service Management 4.20.10 All All All
Application Atlassian Jira Service Management 4.20.10 All All All
Application Atlassian Jira Service Management 4.20.11 All All All
Application Atlassian Jira Service Management 4.20.11 All All All
Application Atlassian Jira Service Management 4.20.12 All All All
Application Atlassian Jira Service Management 4.20.12 All All All
Application Atlassian Jira Service Management 4.20.13 All All All
Application Atlassian Jira Service Management 4.20.13 All All All
Application Atlassian Jira Service Management 4.20.14 All All All
Application Atlassian Jira Service Management 4.20.14 All All All
Application Atlassian Jira Service Management 4.20.15 All All All
Application Atlassian Jira Service Management 4.20.15 All All All
Application Atlassian Jira Service Management 4.20.16 All All All
Application Atlassian Jira Service Management 4.20.16 All All All
Application Atlassian Jira Service Management 4.20.17 All All All
Application Atlassian Jira Service Management 4.20.17 All All All
Application Atlassian Jira Service Management 4.20.18 All All All
Application Atlassian Jira Service Management 4.20.18 All All All
Application Atlassian Jira Service Management 4.20.19 All All All
Application Atlassian Jira Service Management 4.20.19 All All All
Application Atlassian Jira Service Management 4.20.2 All All All
Application Atlassian Jira Service Management 4.20.2 All All All
Application Atlassian Jira Service Management 4.20.20 All All All
Application Atlassian Jira Service Management 4.20.20 All All All
Application Atlassian Jira Service Management 4.20.21 All All All
Application Atlassian Jira Service Management 4.20.21 All All All
Application Atlassian Jira Service Management 4.20.22 All All All
Application Atlassian Jira Service Management 4.20.22 All All All
Application Atlassian Jira Service Management 4.20.23 All All All
Application Atlassian Jira Service Management 4.20.23 All All All
Application Atlassian Jira Service Management 4.20.24 All All All
Application Atlassian Jira Service Management 4.20.24 All All All
Application Atlassian Jira Service Management 4.20.25 All All All
Application Atlassian Jira Service Management 4.20.25 All All All
Application Atlassian Jira Service Management 4.20.3 All All All
Application Atlassian Jira Service Management 4.20.3 All All All
Application Atlassian Jira Service Management 4.20.4 All All All
Application Atlassian Jira Service Management 4.20.4 All All All
Application Atlassian Jira Service Management 4.20.5 All All All
Application Atlassian Jira Service Management 4.20.5 All All All
Application Atlassian Jira Service Management 4.20.6 All All All
Application Atlassian Jira Service Management 4.20.6 All All All
Application Atlassian Jira Service Management 4.20.7 All All All
Application Atlassian Jira Service Management 4.20.7 All All All
Application Atlassian Jira Service Management 4.20.8 All All All
Application Atlassian Jira Service Management 4.20.8 All All All
Application Atlassian Jira Service Management 4.20.9 All All All
Application Atlassian Jira Service Management 4.20.9 All All All
Application Atlassian Jira Service Management 4.21.0 All All All
Application Atlassian Jira Service Management 4.21.0 All All All
Application Atlassian Jira Service Management 4.21.1 All All All
Application Atlassian Jira Service Management 4.21.1 All All All
Application Atlassian Jira Service Management 4.22.0 All All All
Application Atlassian Jira Service Management 4.22.0 All All All
Application Atlassian Jira Service Management 4.22.1 All All All
Application Atlassian Jira Service Management 4.22.1 All All All
Application Atlassian Jira Service Management 4.22.2 All All All
Application Atlassian Jira Service Management 4.22.2 All All All
Application Atlassian Jira Service Management 4.22.3 All All All
Application Atlassian Jira Service Management 4.22.3 All All All
Application Atlassian Jira Service Management 4.22.4 All All All
Application Atlassian Jira Service Management 4.22.4 All All All
Application Atlassian Jira Service Management 4.22.6 All All All
Application Atlassian Jira Service Management 4.22.6 All All All
Application Atlassian Jira Service Management 5.0.0 All All All
Application Atlassian Jira Service Management 5.0.0 All All All
Application Atlassian Jira Service Management 5.1.0 All All All
Application Atlassian Jira Service Management 5.1.0 All All All
Application Atlassian Jira Service Management 5.1.1 All All All
Application Atlassian Jira Service Management 5.1.1 All All All
Application Atlassian Jira Service Management 5.10.0 All All All
Application Atlassian Jira Service Management 5.10.0 All All All
Application Atlassian Jira Service Management 5.2.0 All All All
Application Atlassian Jira Service Management 5.2.0 All All All
Application Atlassian Jira Service Management 5.2.1 All All All
Application Atlassian Jira Service Management 5.2.1 All All All
Application Atlassian Jira Service Management 5.3.0 All All All
Application Atlassian Jira Service Management 5.3.0 All All All
Application Atlassian Jira Service Management 5.3.1 All All All
Application Atlassian Jira Service Management 5.3.1 All All All
Application Atlassian Jira Service Management 5.3.2 All All All
Application Atlassian Jira Service Management 5.3.2 All All All
Application Atlassian Jira Service Management 5.3.3 All All All
Application Atlassian Jira Service Management 5.3.3 All All All
Application Atlassian Jira Service Management 5.4.0 All All All
Application Atlassian Jira Service Management 5.4.0 All All All
Application Atlassian Jira Service Management 5.4.1 All All All
Application Atlassian Jira Service Management 5.4.1 All All All
Application Atlassian Jira Service Management 5.4.2 All All All
Application Atlassian Jira Service Management 5.4.2 All All All
Application Atlassian Jira Service Management 5.4.3 All All All
Application Atlassian Jira Service Management 5.4.3 All All All
Application Atlassian Jira Service Management 5.4.4 All All All
Application Atlassian Jira Service Management 5.4.4 All All All
Application Atlassian Jira Service Management 5.4.5 All All All
Application Atlassian Jira Service Management 5.4.5 All All All
Application Atlassian Jira Service Management 5.4.6 All All All
Application Atlassian Jira Service Management 5.4.6 All All All
Application Atlassian Jira Service Management 5.4.7 All All All
Application Atlassian Jira Service Management 5.4.7 All All All
Application Atlassian Jira Service Management 5.4.8 All All All
Application Atlassian Jira Service Management 5.4.8 All All All
Application Atlassian Jira Service Management 5.4.9 All All All
Application Atlassian Jira Service Management 5.4.9 All All All
Application Atlassian Jira Service Management 5.5.1 All All All
Application Atlassian Jira Service Management 5.5.1 All All All
Application Atlassian Jira Service Management 5.6.0 All All All
Application Atlassian Jira Service Management 5.6.0 All All All
Application Atlassian Jira Service Management 5.7.0 All All All
Application Atlassian Jira Service Management 5.7.0 All All All
Application Atlassian Jira Service Management 5.7.1 All All All
Application Atlassian Jira Service Management 5.7.1 All All All
Application Atlassian Jira Service Management 5.8.0 All All All
Application Atlassian Jira Service Management 5.8.0 All All All
Application Atlassian Jira Service Management 5.8.1 All All All
Application Atlassian Jira Service Management 5.8.1 All All All
Application Atlassian Jira Service Management 5.9.0 All All All
Application Atlassian Jira Service Management 5.9.0 All All All
Application Netapp Active Iq Unified Manager - All All All
Application Netapp Active Iq Unified Manager - All All All
Application Netapp Active Iq Unified Manager - All All All
Application Netapp Cloud Secure Agent - All All All
Application Oracle Apache Batik Mapviewer 12.2.0.1 All All All
Application Oracle Apache Batik Mapviewer 18c All All All
Application Oracle Apache Batik Mapviewer 19c All All All
Application Oracle Banking Enterprise Originations 2.7.0 All All All
Application Oracle Banking Enterprise Originations 2.8.0 All All All
Application Oracle Banking Enterprise Product Manufacturing 2.7.0 All All All
Application Oracle Banking Enterprise Product Manufacturing 2.8.0 All All All
Application Oracle Banking Payments All All All All
Application Oracle Communications Ip Service Activator 7.3.0 All All All
Application Oracle Communications Ip Service Activator 7.4.0 All All All
Application Oracle Communications Session Route Manager All All All All
Application Oracle Customer Management And Segmentation Foundation 18.0 All All All
Application Oracle Documaker All All All All
Application Oracle Enterprise Manager Base Platform 13.2.1.0 All All All
Application Oracle Enterprise Manager Ops Center 12.4.0.0 All All All
Application Oracle Flexcube Investor Servicing 12.1.0 All All All
Application Oracle Flexcube Investor Servicing 12.3.0 All All All
Application Oracle Flexcube Investor Servicing 12.4.0 All All All
Application Oracle Flexcube Investor Servicing 14.1.0 All All All
Application Oracle Flexcube Investor Servicing 14.4.0 All All All
Application Oracle Flexcube Private Banking 12.0.0 All All All
Application Oracle Flexcube Private Banking 12.1.0 All All All
Application Oracle Fusion Middleware Mapviewer 12.2.1.3.0 All All All
Application Oracle Google Guava Mapviewer 12.2.0.1 All All All
Application Oracle Google Guava Mapviewer 18c All All All
Application Oracle Google Guava Mapviewer 19c All All All
Application Oracle Hyperion Infrastructure Technology 11.1.2.4 All All All
Application Oracle Jd Edwards Enterpriseone Orchestrator All All All All
Application Oracle Primavera Unifier 16.1 All All All
Application Oracle Primavera Unifier 16.2 All All All
Application Oracle Primavera Unifier 18.8 All All All
Application Oracle Primavera Unifier All All All All
Application Oracle Retail Back Office 14.1 All All All
Application Oracle Retail Central Office 14.1 All All All
Application Oracle Retail Integration Bus 15.0 All All All
Application Oracle Retail Integration Bus 16.0 All All All
Application Oracle Retail Order Broker 15.0 All All All
Application Oracle Retail Order Broker 16.0 All All All
Application Oracle Retail Order Broker 18.0 All All All
Application Oracle Retail Order Broker 19.0 All All All
Application Oracle Retail Point-of-service 14.1 All All All
Application Oracle Retail Returns Management 14.1 All All All
Application Oracle Retail Xstore Point Of Service 15.0 All All All
Application Oracle Retail Xstore Point Of Service 16.0 All All All
Application Oracle Retail Xstore Point Of Service 17.0 All All All
Application Oracle Retail Xstore Point Of Service 18.0 All All All
Application Oracle Retail Xstore Point Of Service 19.0 All All All
Application Oracle Terracotta Quartz Scheduler Mapviewer 12.2.0.1 All All All
Application Oracle Terracotta Quartz Scheduler Mapviewer 18c All All All
Application Oracle Terracotta Quartz Scheduler Mapviewer 19c All All All
Application Oracle Webcenter Sites 12.2.1.3.0 All All All
Application Oracle Webcenter Sites 12.2.1.4.0 All All All
Application Softwareag Quartz All All All All
Application Softwareag Quartz All All All All

References

ReferenceSourceLinkTags
Pony Mail! lists.apache.org
Pony Mail! lists.apache.org
Pony Mail! MLIST lists.apache.org
Oracle Critical Patch Update Advisory - July 2020 MISC www.oracle.com
CVE-2019-13990 - XXE (XML External Entity Injection) Vulnerability In Jira Service Management Data Center and Jira Service Management Server | Atlassian Support | Atlassian Documentation MISC confluence.atlassian.com
Pony Mail! lists.apache.org
Pony Mail! lists.apache.org
Oracle Critical Patch Update Advisory - October 2020 MISC www.oracle.com
Oracle Critical Patch Update Advisory - July 2021 N/A www.oracle.com
Oracle Critical Patch Update Advisory - October 2021 MISC www.oracle.com
Pony Mail! MLIST lists.apache.org Mailing List, Third Party Advisory
Pony Mail! lists.apache.org
CVE-2019-13990 Quartz Vulnerability in NetApp Products | NetApp Product Security CONFIRM security.netapp.com
Pony Mail! lists.apache.org
Pony Mail! MLIST lists.apache.org Mailing List, Third Party Advisory
Pony Mail! MLIST lists.apache.org
Pony Mail! lists.apache.org
Pony Mail! MLIST lists.apache.org
Pony Mail! lists.apache.org
Pony Mail! MLIST lists.apache.org
Oracle Critical Patch Update Advisory - April 2020 N/A www.oracle.com
Pony Mail! MLIST lists.apache.org Mailing List, Third Party Advisory
Pony Mail! MLIST lists.apache.org
Oracle Critical Patch Update Advisory - January 2021 MISC www.oracle.com
Security: XXE in initDocumentParser · Issue #467 · quartz-scheduler/quartz · GitHub MISC github.com Third Party Advisory
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 20277 Oracle Database 18c Critical OJVM Patch Update - July 2020
  • 20281 Oracle Database 19c Critical OJVM Patch Update - July 2020
  • 20292 Oracle Database 12.2.0.1 Critical OJVM Patch Update - July 2020
  • 378988 Atlassian Jira Service Management Extensible Markup Language (XML) External Entity (XXE) Injection Vulnerability (JSDSERVER-14401)
  • 980295 Java (maven) Security Update for org.quartz-scheduler:quartz (GHSA-9qcf-c26r-x5rf)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report