Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

References

svn.apache.org/viewvc?view=revision&revision=1903910

bugzilla.redhat.com/show_bug.cgi?id=2155291

issues.apache.org/jira/browse/BATIK-1335

lists.apache.org/thread/hxtddqjty2sbs12y97c8g7xfh17jzxsx

nvd.nist.gov/vuln/detail/CVE-2022-40146

www.cve.org/CVERecord?id=CVE-2022-40146

veracode 1

nessus 5

atlassian 2

osv 2

github 1

ubuntucve 1

githubexploit 1

cnvd 1

cvelist 1

cve 1

debiancve 1

zdi 1

prion 1

ibm 11

mageia 1

openvas 3

amazon 2

gentoo 1

redhat 2

oracle 3

veracode

Server-Side Request Forgery

2022-09-26 12:42:58

nessus

Atlassian Confluence 7.13.x / 7.19.x < 7.19.16 (CONFSERVER-93178)

2023-11-22 00:00:00

Amazon Linux 2 : batik (ALAS-2023-1966)

2023-03-07 00:00:00

Amazon Linux AMI : batik (ALAS-2023-1695)

2023-03-07 00:00:00

atlassian

SSRF (Server-Side Request Forgery) org.apache.xmlgraphics:batik-bridge Dependency in Jira Software Data Center and Server

2024-02-14 10:47:23

SSRF org.apache.xmlgraphics:batik-bridge in Confluence Data Center and Server

2023-11-03 00:46:20

osv

Apache Batik vulnerable to Server-Side Request Forgery

2022-09-23 00:00:40

CVE-2022-40146

2022-09-22 15:15:09

github

Apache Batik vulnerable to Server-Side Request Forgery

2022-09-23 00:00:40

ubuntucve

CVE-2022-40146

2022-09-22 00:00:00

githubexploit

Exploit for Server-Side Request Forgery in Apache Batik

2022-11-01 03:41:36

cnvd

Apache XML Graphics Batik Server-Side Request Forgery Vulnerability

2022-09-26 00:00:00

cvelist

CVE-2022-40146 Jar url should be blocked by DefaultScriptSecurity

2022-09-22 00:00:00

cve

CVE-2022-40146

2022-09-22 15:15:00

debiancve

CVE-2022-40146

2022-09-22 15:15:00

zdi

Apache Batik DefaultScriptSecurity Server-Side Request Forgery Remote Code Execution Vulnerability

2022-10-04 00:00:00

prion

Server side request forgery (ssrf)

2022-09-22 15:15:00

ibm

Security Bulletin: Vulnerabilities in batik-all library affects IBM Engineering Test Management (ETM) (CVE-2022-38648, CVE-2022-40146, CVE-2022)

2023-05-02 07:45:16

Security Bulletin: There are several vulnerabilities in Apache Batik used by IBM Jazz Reporting Service (CVE-2022-40146, CVE-2022-38648, CVE-2022-38398)

2023-10-04 10:44:16

Security Bulletin: Multiple vulnerabilities in Apache Batik affect IBM Application Performance Management products

2023-09-13 07:59:32

mageia

Updated batik packages fix security vulnerabilities

2024-03-16 19:28:17

openvas

Mageia: Security Advisory (MGASA-2024-0068)

2024-03-18 00:00:00

Debian: Security Advisory (DLA-3619-1)

2023-10-16 00:00:00

Ubuntu: Security Advisory (USN-6117-1)

2023-05-31 00:00:00

amazon

Important: batik

2023-03-02 21:49:00

Important: batik

2023-03-02 20:21:00

gentoo

Apache Batik: Multiple Vulnerabilities

2024-01-07 00:00:00

redhat

(RHSA-2023:3954) Critical: Red Hat Fuse 7.12 release and security update

2023-06-29 20:05:32

(RHSA-2023:2100) Important: Red Hat Integration Camel for Spring Boot 3.20.1 security update

2023-05-03 14:03:49

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.001 Low

EPSS

Percentile

49.1%

JSON

Related for RH:CVE-2022-40146